/// <summary>
/// A bearer token with no '.' separators ("abc") cannot be split into
/// header.payload.signature, so <c>GetRequestObject</c> must report exactly two
/// errors: a <c>TokenFormatError</c> at index 0 and a <c>JsonWebTokenParserError</c> at index 1.
/// Pinning the order matters because callers only surface a generic reason phrase and
/// rely on the trace/error list for diagnosis.
/// </summary>
public void TokenNotSeparatedBy3Parts()
{
    // Arrange: a syntactically invalid bearer token (no dot-separated segments).
    var malformedRequest = new HttpRequestMessage();
    malformedRequest.Headers.Add("Authorization", "Bearer abc");

    // Act: parse through the shared helper under test.
    var parsed = helper.GetRequestObject(malformedRequest);

    // Assert: the error list exists, has two entries, and is ordered format error -> parser error.
    Assert.IsNotNull(parsed.Errors);
    Assert.AreEqual(2, parsed.Errors.Count);
    Assert.AreEqual(Constants.Messages.JsonWebTokenParserError, parsed.Errors[1].Message);
    Assert.AreEqual(Constants.Messages.TokenFormatError, parsed.Errors[0].Message);
}
/// <summary>
/// JWT gate for a Web API action (override of the attribute's HandleUnauthorizedRequest;
/// the base class is not visible here). The bearer token is parsed from the request with
/// <c>JsonWebTokenHelper</c> for the api resolved from the request path. A parse failure
/// short-circuits the pipeline with 401 (<c>JsonWebTokenParserError</c>); a false
/// alg/typ/iat/nbf/signature/exp flag short-circuits with 403
/// (<c>JsonWebTokenExpiredOrNoMatch</c>). When every flag holds nothing is written to
/// <c>actionContext.Response</c>, so the request continues down the pipeline.
/// </summary>
/// <param name="actionContext">The current action context; must not be null.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="actionContext"/> is null.</exception>
protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
{
    Trace.TraceInformation("Enter JWT Authorize attribute.");
    if (actionContext == null)
    {
        throw new ArgumentNullException(Constants.Parameters.ActionContext);
    }

    // The api (and therefore the signing configuration) is chosen from the request path.
    string localPath = actionContext.Request.RequestUri.LocalPath;
    var api = GetApi(localPath);
    Trace.TraceInformation($"localpath:{localPath}");

    var tokenHelper = new JsonWebTokenHelper(new ConfigurationService(), api);
    Trace.TraceInformation("Call Getrequest object");
    var parsed = tokenHelper.GetRequestObject(actionContext.Request);
    Trace.TraceInformation("GetRequestObject - success");

    // Parse errors: the client only receives a generic reason phrase; details stay in the trace.
    // NOTE(review): RFC 6750 expects a "WWW-Authenticate: Bearer" header on a 401 for a
    // bearer-protected resource; none is set here.
    bool hasParseErrors = parsed.Errors != null && parsed.Errors.Count > 0;
    if (hasParseErrors)
    {
        Trace.TraceWarning("Bad Request Header: Error while parsing the request object");
        actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)
        {
            ReasonPhrase = Constants.Messages.JsonWebTokenParserError
        };
        return;
    }

    // All flags must hold. This set covers alg/typ/iat/nbf/signature/exp only.
    // NOTE(review): no issuer or audience flag is consulted here — confirm GetRequestObject
    // enforces them (or that the api argument scopes the accepted keys) before relying on this gate.
    bool tokenAccepted = parsed.HeaderAlgorithmValid
        && parsed.HeaderTypeValid
        && parsed.IssuedAtTimeValid
        && parsed.NotBeforetimeValid
        && parsed.SignatureValid
        && parsed.ExpiryValid;
    if (tokenAccepted)
    {
        // No response is assigned, so the action proceeds.
        return;
    }

    // Which flag failed is logged server-side only; the client sees a single constant reason.
    Trace.TraceWarning("Bad Request: One or more information is missing in the token or signature didn't match.");
    Trace.TraceWarning("Type:{0},Algorithm:{1},IatValid:{2},NbfValid:{3},SignValid:{4},Expiry:{5}",
        parsed.HeaderTypeValid,
        parsed.HeaderAlgorithmValid,
        parsed.IssuedAtTimeValid,
        parsed.NotBeforetimeValid,
        parsed.SignatureValid,
        parsed.ExpiryValid);
    actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden)
    {
        ReasonPhrase = Constants.Messages.JsonWebTokenExpiredOrNoMatch
    };
}
/// <summary>
/// Runs the JWT checks for an incoming payload against the <c>Api.Caching</c> configuration
/// and returns the HTTP response to send back when the token is rejected, or <c>null</c>
/// when every check passed.
/// </summary>
/// <param name="payload">The message whose token is parsed by <c>JsonWebTokenHelper</c>.</param>
/// <returns>
/// 401 (<c>JsonWebTokenParserError</c>) when parsing produced errors, 403
/// (<c>JsonWebTokenExpiredOrNoMatch</c>) when any alg/typ/iat/nbf/signature/exp flag is false,
/// otherwise <c>null</c>.
/// </returns>
private HttpResponseMessage ValidateMessage(Payload payload)
{
    var tokenHelper = new JsonWebTokenHelper(this.configurationService, Api.Caching);
    var parsed = tokenHelper.GetRequestObject(payload);

    // Parse errors: only the generic reason phrase leaves the service; detail stays in the trace.
    bool hasParseErrors = parsed.Errors != null && parsed.Errors.Count > 0;
    if (hasParseErrors)
    {
        Trace.TraceWarning("Bad Request Header: Error while parsing the request object");
        return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized)
        {
            ReasonPhrase = Constants.Messages.JsonWebTokenParserError
        };
    }

    // All flags must hold. This set covers alg/typ/iat/nbf/signature/exp only.
    // NOTE(review): no issuer or audience flag is consulted here — confirm GetRequestObject
    // enforces them for the Caching api.
    bool tokenAccepted = parsed.HeaderAlgorithmValid
        && parsed.HeaderTypeValid
        && parsed.IssuedAtTimeValid
        && parsed.NotBeforetimeValid
        && parsed.SignatureValid
        && parsed.ExpiryValid;
    if (tokenAccepted)
    {
        return null;
    }

    // Which flag failed is logged server-side only; the caller gets a single constant reason.
    Trace.TraceWarning("Bad Request: One or more information is missing in the token or signature didn't match.");
    Trace.TraceWarning("Type:{0},Algorithm:{1},IatValid:{2},NbfValid:{3},SignValid:{4},Expiry:{5}",
        parsed.HeaderTypeValid,
        parsed.HeaderAlgorithmValid,
        parsed.IssuedAtTimeValid,
        parsed.NotBeforetimeValid,
        parsed.SignatureValid,
        parsed.ExpiryValid);
    return new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden)
    {
        ReasonPhrase = Constants.Messages.JsonWebTokenExpiredOrNoMatch
    };
}