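        /// <summary>
        /// Validates an Azure AD ID token's signature against the keys published at the "common" v2.0
        /// OpenID Connect discovery endpoint and returns the parsed token.
        /// </summary>
        /// <param name="idToken">The raw JWT ID token presented by the caller (untrusted input).</param>
        /// <returns>
        /// The validated token as a <see cref="System.IdentityModel.Tokens.Jwt.JwtSecurityToken"/>, or
        /// <c>null</c> if the handler returned a different token type.
        /// </returns>
        /// <exception cref="ArgumentException">
        /// Thrown when <paramref name="idToken"/> is null, empty or whitespace.
        /// </exception>
        /// <exception cref="Microsoft.IdentityModel.Tokens.SecurityTokenException">
        /// Expected to propagate from <c>ValidateToken</c> when the token fails validation.
        /// </exception>
        private async Task <System.IdentityModel.Tokens.Jwt.JwtSecurityToken> ValidateAADIdTokenAsync(string idToken)
        {
            // Reject empty input up front so the failure is attributable to the caller instead of
            // surfacing as a parse error from inside the token handler.
            if (string.IsNullOrWhiteSpace(idToken))
            {
                throw new ArgumentException("An ID token is required.", nameof(idToken));
            }

            // "common" metadata: the signing keys published here are shared across tenants, so a
            // successful signature check alone does not tie the token to any particular tenant.
            var stsDiscoveryEndpoint = "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration";

            // NOTE(review): a fresh ConfigurationManager per call discards its cached metadata and
            // re-fetches the discovery document on every validation — consider one shared instance.
            var configRetriever = new Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever();

            var configManager = new Microsoft.IdentityModel.Protocols
                                .ConfigurationManager <Microsoft.IdentityModel.Protocols.OpenIdConnect
                                                       .OpenIdConnectConfiguration>(stsDiscoveryEndpoint, configRetriever);

            var config = await configManager.GetConfigurationAsync();

            // NOTE(review): only the signing keys are configured — no ValidIssuer/ValidIssuers and no
            // ValidAudience/ValidAudiences. With ValidateIssuer and ValidateAudience left at their
            // default (true) the handler is expected to reject every token for lacking an expected
            // issuer/audience; turning those flags off instead would accept a correctly signed token
            // issued to ANY application by ANY tenant. The expected tenant issuer and this app's
            // client id should be supplied here — confirm with the owner of this code.
            var tokenValidationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
            {
                IssuerSigningKeys = config.SigningKeys,
            };

            var tokenHandler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();

            // Expected to throw on any validation failure; the returned ClaimsPrincipal is not
            // needed here, only the validated token instance.
            tokenHandler.ValidateToken(idToken, tokenValidationParameters, out var validatedToken);

            return(validatedToken as System.IdentityModel.Tokens.Jwt.JwtSecurityToken);
        }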
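        /// <summary>
        /// Validates an Azure AD access token (v1 or v2 endpoint) against the tenant's OpenID Connect
        /// metadata and returns the resulting claims principal.
        /// </summary>
        /// <param name="accessToken">The raw JWT access token presented by the caller (untrusted input).</param>
        /// <param name="log">Logger used to record validation failures.</param>
        /// <returns>
        /// The validated <see cref="System.Security.Claims.ClaimsPrincipal"/>, or <c>null</c> when
        /// validation failed (the failure is logged, not rethrown).
        /// </returns>
        private async Task <System.Security.Claims.ClaimsPrincipal> ValidateAccessToken(string accessToken, ILogger log)
        {
            var audience     = _options.Value.Audience;
            var clientID     = _options.Value.ClientId;
            var tenant       = _options.Value.Tenant;
            var tenantid     = _options.Value.TenantId;
            var authority    = string.Format(System.Globalization.CultureInfo.InvariantCulture, "https://login.microsoftonline.com/{0}/v2.0", tenant);

            // Issuer values for this tenant from the v1 and v2 Azure AD endpoints; a token whose
            // issuer is not in this list is rejected via ValidIssuers below.
            var validIssuers = new List <string>()
            {
                $"https://login.microsoftonline.com/{tenant}/",
                $"https://login.microsoftonline.com/{tenant}/v2.0",
                $"https://login.windows.net/{tenant}/",
                $"https://login.microsoft.com/{tenant}/",
                $"https://sts.windows.net/{tenantid}/"
            };

            // IdentityModelEventSource.ShowPII is deliberately left at its default (false). Enabling it
            // writes token contents and other personal data into the diagnostics output, so it belongs
            // in a local debugging session only, never in checked-in code.

            // NOTE(review): a fresh ConfigurationManager per call discards its cached metadata and
            // re-fetches the discovery document on every request — consider one instance per authority.
            Microsoft.IdentityModel.Protocols.ConfigurationManager <Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration> configManager =
                new Microsoft.IdentityModel.Protocols.ConfigurationManager <Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>(
                    $"{authority}/.well-known/openid-configuration",
                    new Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever());

            var config = await configManager.GetConfigurationAsync();

            Microsoft.IdentityModel.Tokens.ISecurityTokenValidator tokenValidator = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();

            // Initialize the token validation parameters
            Microsoft.IdentityModel.Tokens.TokenValidationParameters validationParameters = new Microsoft.IdentityModel.Tokens.TokenValidationParameters
            {
                // App Id URI and AppId of this service application are both valid audiences.
                ValidAudiences = new[] { audience, clientID },

                // Support Azure AD V1 and V2 endpoints.
                ValidIssuers      = validIssuers,
                IssuerSigningKeys = config.SigningKeys
            };

            try
            {
                // The SecurityToken output is not used; the claims principal is what callers consume.
                return tokenValidator.ValidateToken(accessToken, validationParameters, out _);
            }
            catch (Exception ex)
            {
                // Broad catch kept on purpose so callers keep the null-on-failure contract. The
                // exception goes in as the exception argument with a static message template:
                // passing ex.Message as the template would let token-derived text be interpreted as
                // template placeholders and would drop the exception type and stack trace.
                log.LogWarning(ex, "Access token validation failed.");
            }
            return(null);
        }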
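        /// <summary>
        /// Builds the Auth0 token validation parameters from application settings: issuer and audience
        /// come from configuration, the signing keys from the tenant's OpenID Connect discovery document.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// Thrown when the <c>auth0Domain</c> or <c>ida:Audience</c> app setting is missing or blank.
        /// </exception>
        private ManualValidadeToken()
        {
            string auth0Domain   = System.Configuration.ConfigurationManager.AppSettings["auth0Domain"];
            string auth0Audience = System.Configuration.ConfigurationManager.AppSettings["ida:Audience"];

            // Fail fast with an actionable message: a missing domain would otherwise yield a relative
            // metadata address and a null ValidIssuer, and a missing audience would leave
            // ValidAudiences as an array holding a single null entry.
            if (string.IsNullOrWhiteSpace(auth0Domain))
            {
                throw new InvalidOperationException("App setting 'auth0Domain' is required.");
            }
            if (string.IsNullOrWhiteSpace(auth0Audience))
            {
                throw new InvalidOperationException("App setting 'ida:Audience' is required.");
            }

            // The metadata address is formed by appending to the domain, so the setting is expected to
            // end with a trailing slash (constructed example: https://<tenant>.auth0.com/). The same
            // value is used as ValidIssuer below, so it must match the issuer exactly as the provider
            // emits it.
            Microsoft.IdentityModel.Protocols.IConfigurationManager <Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration> configurationManager =
                new Microsoft.IdentityModel.Protocols.ConfigurationManager <Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration>($"{auth0Domain}.well-known/openid-configuration", new Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever());

            // NOTE(review): blocking wait on an async metadata fetch from a constructor; kept because a
            // constructor cannot await — confirm AsyncHelper.RunSync is safe on this host's
            // synchronization context.
            Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration openIdConfig = AsyncHelper.RunSync(async() => await configurationManager.GetConfigurationAsync(CancellationToken.None));

            validationParameters = new TokenValidationParameters
            {
                // One expected issuer and one expected audience; signing keys come from the
                // discovery document fetched above.
                ValidIssuer       = auth0Domain,
                ValidAudiences    = new[] { auth0Audience },
                IssuerSigningKeys = openIdConfig.SigningKeys
            };
            handler = new JwtSecurityTokenHandler();
        }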