/// <summary>
/// A freshly computed HMAC-SHA256 signature with one byte corrupted must be rejected by
/// <c>JwtValidator.Validate</c> with a <c>SignatureVerificationException</c>.
/// </summary>
public void Validate_Should_Throw_Exception_When_Crypto_Does_Not_Match_Signature()
{
    // Arrange: split the fixture token and recover the claims JSON plus the signature it carries.
    const string token = TestData.Token;
    var encoder = new JwtBase64UrlEncoder();
    var parts = new JwtParts(token);
    var claimsJson = GetString(encoder.Decode(parts.Payload));
    var cryptoFromToken = Convert.ToBase64String(encoder.Decode(parts.Signature));

    // Re-sign "header.payload" with the test key "ABC", then corrupt the first byte so it cannot match.
    var signingInput = GetBytes(string.Concat(parts.Header, ".", parts.Payload));
    var tampered = new HMACSHA256Algorithm().Sign(GetBytes("ABC"), signingInput);
    ++tampered[0]; // malformed signature
    var tamperedSignature = Convert.ToBase64String(tampered);

    // Act
    var validator = new JwtValidator(new JsonNetSerializer(), new UtcDateTimeProvider());
    Action act = () => validator.Validate(claimsJson, cryptoFromToken, tamperedSignature);

    // Assert
    act.Should()
       .Throw<SignatureVerificationException>("because the signature does not match the crypto");
}
/// <summary>
/// Parameterized happy path: a well-formed token for <paramref name="projectId"/> validates
/// and yields a decoded token object.
/// </summary>
/// <param name="token">Encoded JWT supplied by the test case.</param>
/// <param name="projectId">Project the token is expected to be valid for.</param>
public void CanValidateValidToken(string token, string projectId)
{
    var sut = new JwtValidator();

    var outcome = sut.Validate(token, projectId);

    // Pass the validator's own message so a failure explains itself in the test output
    // (property spelled as declared on the result type).
    Assert.True(outcome.IsValid, outcome.ErrorMesage);
    Assert.NotNull(outcome.Token);
}
/// <summary>
/// Benchmark-style helper: validates the same token/project pair <paramref name="count"/> times
/// on one <c>JwtValidator</c> instance. Results are discarded; a non-positive count runs nothing.
/// </summary>
/// <param name="count">Number of validation rounds to execute.</param>
/// <param name="token">Encoded JWT to validate on every round.</param>
/// <param name="projectId">Project identifier passed to the validator on every round.</param>
private void RunValidationFor(int count, string token, string projectId)
{
    var validator = new JwtValidator();
    var remaining = count;
    while (remaining > 0)
    {
        validator.Validate(token, projectId);
        remaining--;
    }
}
/// <summary>
/// Rejects the request unless the <c>Authorization</c> header carries a scheme and a parameter
/// that <c>JwtValidator.Validate</c> accepts.
/// </summary>
/// <param name="authenticationHeaderValue">Parsed <c>Authorization</c> header; may be null.</param>
/// <exception cref="UnauthorizedAccessException">
/// Thrown when the header is missing, has a blank scheme, has a blank parameter, or the
/// parameter does not validate as a JWT.
/// </exception>
internal static void ValidateAuthorizationHeader(AuthenticationHeaderValue authenticationHeaderValue)
{
    // NOTE(review): only the *presence* of a scheme is checked, never its value — a token sent under
    // any scheme (not just e.g. "Bearer") reaches the validator. Confirm whether callers expect the
    // scheme to be pinned.
    var hasScheme = !string.IsNullOrWhiteSpace(authenticationHeaderValue?.Scheme);
    var token = hasScheme ? authenticationHeaderValue.Parameter : string.Empty;

    if (string.IsNullOrWhiteSpace(token))
    {
        throw new UnauthorizedAccessException();
    }

    // Only reached with a non-blank token, so the validator never sees null/whitespace input.
    if (!JwtValidator.Validate(token))
    {
        throw new UnauthorizedAccessException();
    }
}
/// <summary>
/// A null or empty argument to <c>Validate</c> is rejected with an <c>ArgumentException</c>.
/// The serializer and clock are passed as null, so the argument check is expected to fire
/// before either dependency is used.
/// </summary>
/// <param name="payloadJson">Claims JSON under test (null/empty in at least one case).</param>
/// <param name="decodedCrypto">Signature carried by the token (null/empty in at least one case).</param>
/// <param name="decodedSignature">Recomputed signature (null/empty in at least one case).</param>
public void Validate_Should_Throw_Exception_When_Argument_Is_Null_Or_Empty(string payloadJson, string decodedCrypto, string decodedSignature)
{
    var sut = new JwtValidator(null, null);

    Action act = () => sut.Validate(payloadJson, decodedCrypto, decodedSignature);

    act.Should()
       .Throw<ArgumentException>("because the JWT argument must not be null or empty");
}
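/// <summary>
/// Nancy bootstrap hook: wires NLog to a file target and enables stateless (per-request)
/// JWT authentication driven by the raw <c>Authorization</c> request header.
/// </summary>
/// <param name="container">Application-level TinyIoC container (passed through to the base class).</param>
/// <param name="pipelines">Request pipelines the stateless authentication hook is attached to.</param>
protected override void ApplicationStartup(TinyIoCContainer container, IPipelines pipelines)
{
    base.ApplicationStartup(container, pipelines);

    // --- NLog: everything at Info and above goes to ${basedir}/logFile.txt ---
    var logConfig = new LoggingConfiguration();
    var fileTarget = new FileTarget
    {
        FileName = "${basedir}/logFile.txt",
        Layout = @"${date:format=MM-dd-yyyy_HH\:mm\:ss} | ${message}",
    };
    logConfig.AddTarget("file", fileTarget);
    logConfig.LoggingRules.Add(new LoggingRule("*", LogLevel.Info, fileTarget));
    LogManager.Configuration = logConfig;

    // --- Stateless JWT authentication: resolve the current user from the Authorization header ---
    var configuration = new StatelessAuthenticationConfiguration(ctx =>
    {
        var authorizationHeader = ctx.Request.Headers.Authorization;
        if (string.IsNullOrEmpty(authorizationHeader))
        {
            // No Authorization header: treat the request as anonymous.
            return null;
        }

        try
        {
            var validator = new JwtValidator(_config);
            if (validator.Validate(authorizationHeader))
            {
                // Valid token: the User is populated from the token's claims.
                return new User(validator.DecodeToken(authorizationHeader));
            }

            // Validate() returned false without throwing: no authenticated user.
            return null;
        }
        catch (Exception)
        {
            // Validation itself failed (as opposed to returning false). The original code propagated
            // this rather than treating the caller as anonymous; `throw;` keeps the original stack
            // trace, whereas the previous `throw ex;` reset it to this frame.
            // NOTE(review): propagating means a malformed or forged token surfaces as a server error
            // rather than an unauthenticated request — confirm that is the intended failure mode.
            throw;
        }
    });

    StatelessAuthentication.Enable(pipelines, configuration);
}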
/// <summary>
/// Re-signing the fixture token's "header.payload" with the test key "ABC" reproduces the
/// signature it carries, so <c>JwtValidator.Validate</c> must complete without throwing.
/// </summary>
public void Validate_Should_Not_Throw_Exception_When_Crypto_Matches_Signature()
{
    // Arrange: split the fixture token and recover the claims JSON plus the signature it carries.
    var encoder = new JwtBase64UrlEncoder();
    var parts = new JwtParts(TestData.Token);
    var claimsJson = JwtValidator.GetString(encoder.Decode(parts.Payload));
    var cryptoFromToken = Convert.ToBase64String(encoder.Decode(parts.Signature));

    // Recompute the HMAC-SHA256 over "header.payload" with the same key the fixture was signed with.
    var signingInput = JwtValidator.GetBytes(string.Concat(parts.Header, ".", parts.Payload));
    var recomputed = new HMACSHA256Algorithm().Sign(JwtValidator.GetBytes("ABC"), signingInput);
    var recomputedSignature = Convert.ToBase64String(recomputed);

    // Act / Assert: no exception expected.
    var validator = new JwtValidator(new JsonNetSerializer(), new UtcDateTimeProvider());
    validator.Validate(claimsJson, cryptoFromToken, recomputedSignature);
}
/// <summary>
/// A null or empty argument to <c>Validate</c> is rejected with an <c>ArgumentException</c>.
/// The serializer and clock are passed as null, so the argument check is expected to fire
/// before either dependency is used.
/// </summary>
/// <param name="payloadJson">Claims JSON under test (null/empty in at least one case).</param>
/// <param name="decodedCrypto">Signature carried by the token (null/empty in at least one case).</param>
/// <param name="decodedSignature">Recomputed signature (null/empty in at least one case).</param>
public void Validate_Should_Throw_Exception_When_Argument_Is_Null_Or_Empty(string payloadJson, string decodedCrypto, string decodedSignature)
{
    var sut = new JwtValidator(null, null);

    void Act() => sut.Validate(payloadJson, decodedCrypto, decodedSignature);

    Assert.Throws<ArgumentException>(Act);
}