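/// <summary>
/// Parses a Simple Web Token and validates it: signature (HMAC over the raw
/// token with the shared key), expiry, and — only when configured — audience
/// and issuer. The signature is checked before any claim is trusted.
/// </summary>
/// <param name="token">The raw SWT string as presented by the caller.</param>
/// <returns>The parsed token once every check has passed.</returns>
/// <exception cref="HttpException">
/// Thrown with status 401 (Unauthorized) for every validation failure; the
/// message names the check that failed.
/// </exception>
public SimpleWebToken ValidateToken(string token)
{
    if (token == null)
    {
        throw new HttpException((int)HttpStatusCode.Unauthorized, "SWT not found");
    }

    var swt = new SimpleWebToken(token);

    // Convert.FromBase64String never returns null — it throws on a null
    // argument — so the key must be checked before decoding, otherwise a
    // missing key surfaces as an unhandled exception (500) instead of the
    // intended 401. A non-base64 key is a server configuration error and is
    // left to propagate as a FormatException.
    if (string.IsNullOrEmpty(SharedKeyBase64))
    {
        throw new HttpException((int)HttpStatusCode.Unauthorized, "Missing shared key");
    }

    byte[] securityKey = Convert.FromBase64String(SharedKeyBase64);

    // IsHmacValid is defined elsewhere in this file. NOTE(review): confirm it
    // compares the computed and presented MACs in fixed time.
    if (!IsHmacValid(swt.RawToken, securityKey))
    {
        throw new HttpException((int)HttpStatusCode.Unauthorized, "Invalid signature");
    }

    if (swt.IsExpired)
    {
        throw new HttpException((int)HttpStatusCode.Unauthorized, "Token expired");
    }

    // Audience is enforced only when an allow-list is configured.
    if (AllowedAudiences != null && AllowedAudiences.Count > 0)
    {
        // A missing or unparsable audience claim is rejected, not skipped
        // (Uri.TryCreate returns false for a null string).
        Uri swtAudienceUri;
        if (!Uri.TryCreate(swt.Audience, UriKind.RelativeOrAbsolute, out swtAudienceUri))
        {
            throw new HttpException((int)HttpStatusCode.Unauthorized, "Invalid audience");
        }

        // Compared as Uri values (Uri's equality operator), not as strings —
        // so e.g. scheme/host case and the fragment do not take part in the match.
        if (AllowedAudiences.All(uri => uri != swtAudienceUri))
        {
            throw new HttpException((int)HttpStatusCode.Unauthorized, "Audience not found");
        }
    }

    // Issuer is enforced only when configured; the comparison is exact (ordinal).
    if (!string.IsNullOrEmpty(AllowedIssuer)
        && !AllowedIssuer.Equals(swt.Issuer, StringComparison.Ordinal))
    {
        throw new HttpException((int)HttpStatusCode.Unauthorized, "Invalid issuer");
    }

    return swt;
}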
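/// <summary>
/// Decides whether a token's audience claim is acceptable: it must be
/// non-empty and either match <paramref name="authority"/> or be present in
/// AllowedAudiences.
/// </summary>
/// <param name="authority">The audience this service identifies itself as.</param>
/// <param name="audience">The audience claim taken from the token; may be null.</param>
/// <returns>
/// true when the audience is allowed; false otherwise, unless
/// DetailedAuthenticationErrors is set, in which case the failure is thrown instead.
/// </returns>
/// <exception cref="SecurityException">
/// Thrown in place of returning false when DetailedAuthenticationErrors is set.
/// </exception>
private bool IsValidAudience(string authority, string audience)
{
    // Contains on an empty collection is already false, so no separate
    // emptiness check is needed before it. `Is` is a project extension method;
    // its comparison rules (case, trimming) are not visible from here.
    var isValid = !string.IsNullOrEmpty(audience)
        && (audience.Is(authority) || AllowedAudiences.Contains(audience));

    if (isValid)
    {
        return true;
    }

    if (DetailedAuthenticationErrors)
    {
        throw new SecurityException("The Token Audience is not allowed.");
    }

    return false;
}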