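        /// <summary>
        /// Validates the token carried in the Authorization header and installs a
        /// <see cref="GenericPrincipal"/> built from its claims as the current thread
        /// and request principal.
        /// </summary>
        /// <param name="headerValue">
        /// Raw Authorization header value, expected in the form "scheme token". Only the
        /// second whitespace-separated part is used; the scheme itself is not checked here.
        /// </param>
        /// <exception cref="ArgumentException">
        /// <paramref name="headerValue"/> is null/blank or has no token after the scheme.
        /// </exception>
        /// <remarks>
        /// Signature, audience and issuer verification is delegated to
        /// <c>JwtTokenService.Decode</c>, which is expected to throw on any failure. Nothing
        /// here catches those exceptions, so an invalid token never reaches the principal
        /// assignment at the bottom.
        /// </remarks>
        private void ValidateKeyAndSetPrincipal(string headerValue)
        {
            if (string.IsNullOrWhiteSpace(headerValue))
            {
                throw new ArgumentException("Authorization header is missing or empty.", nameof(headerValue));
            }

            // A header with no second part previously failed deep inside ElementAt(1) with an
            // ArgumentOutOfRangeException; reject malformed input explicitly instead. Empty
            // entries are dropped so "scheme  token" (double space) still yields the token.
            var parts = headerValue.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
            if (parts.Length < 2)
            {
                throw new ArgumentException("Authorization header does not contain a token.", nameof(headerValue));
            }

            var tokenValue   = parts[1];
            var tokenService = new JwtTokenService(_apiKeySecret);

            // Each Decode call verifies the token and returns the requested claim.
            var tokenAudience = tokenService.Decode(tokenValue, "aud", _apiAudiences, _apiIssuer);
            var tokenRoles    = tokenService.Decode(tokenValue, "data", _apiAudiences, _apiIssuer);

            // Roles are space-separated inside the "data" claim. Dropping empty entries means a
            // blank claim yields no roles rather than a single "" role.
            // NOTE(review): assumes Decode returns null or "" for an absent claim — confirm.
            var roles = (tokenRoles ?? string.Empty).Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);

            var principal = new GenericPrincipal(new GenericIdentity(tokenAudience), roles);

            Thread.CurrentPrincipal  = principal;
            HttpContext.Current.User = principal;
        }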
        /// <summary>
        /// A token minted for an audience that is not in <c>_validAudiences</c> must be
        /// rejected with <see cref="SecurityTokenInvalidAudienceException"/>, even though
        /// it was signed with the same secret the decoder uses.
        /// </summary>
        public void ShouldFailToDecodeIfAudienceIsInvalid()
        {
            // arrange
            const string payload = "some value";
            var service = new JwtTokenService("this is a secret");
            var foreignAudienceToken = service.Encode(payload, "http://unknown.website.com", "http://my.tokenissuer.com"); // unknown audience

            // act / assert
            Assert.Throws<SecurityTokenInvalidAudienceException>(
                () => service.Decode(foreignAudienceToken, _validAudiences, _validIssuers));
        }
        /// <summary>
        /// Round-trip: a token encoded for an accepted audience and issuer decodes back
        /// to the original payload.
        /// </summary>
        public void ShouldDecodeAToken()
        {
            // arrange
            const string payload = "some value";
            var service = new JwtTokenService("this is a secret");
            var token = service.Encode(payload, "http://my.website.com", "http://my.tokenissuer.com");

            // act
            string roundTripped = service.Decode(token, _validAudiences, _validIssuers);

            // assert
            Assert.That(roundTripped, Is.EqualTo(payload));
        }
        /// <summary>
        /// A token whose lifetime has elapsed must be rejected with
        /// <see cref="SecurityTokenExpiredException"/>. Clock skew is disabled on the
        /// decoder so the short lifetime is enforced exactly.
        /// </summary>
        public void ShouldFailToDecodeIfTokenIsExpired()
        {
            // arrange
            const string payload = "some value";
            const double noClockSkew = 0.0d;
            // NOTE(review): the lifetime unit is defined by Encode — confirm 0.1 expires within the wait below.
            const double shortLifetime = 0.1d;
            var service = new JwtTokenService("this is a secret", noClockSkew);
            var shortLivedToken = service.Encode(payload, "http://my.website.com", "http://my.tokenissuer.com", shortLifetime);

            // let the token pass its expiry; this makes the test timing-dependent
            Thread.Sleep(250);

            // act / assert
            Assert.Throws<SecurityTokenExpiredException>(
                () => service.Decode(shortLivedToken, _validAudiences, _validIssuers));
        }
        /// <summary>
        /// A token signed with one secret must be rejected with
        /// <see cref="SignatureVerificationFailedException"/> when decoded by a service
        /// configured with a different secret.
        /// </summary>
        public void ShouldFailToDecodeIfSecretIsInvalid()
        {
            // arrange: two services that differ only in their signing secret
            const string payload = "some value";
            var signingService   = new JwtTokenService("this is a secret");
            var verifyingService = new JwtTokenService("this is a different secret");
            var token = signingService.Encode(payload, "http://my.website.com", "http://my.tokenissuer.com");

            // act / assert
            Assert.Throws<SignatureVerificationFailedException>(
                () => verifyingService.Decode(token, _validAudiences, _validIssuers));
        }