/// <summary> /// This method is ONLY to be used in cases where the SkipTokenSignatureValidation option is turned on /// and we can safely assume that any incoming tokens are valid and their claims can be trusted. /// </summary> /// <param name="tokenValue">The token to be parsed.</param> /// <param name="claimsPrincipal">The resulting claims principal.</param> /// <returns>True if the token can be parsed successfully.</returns> internal static bool GetClaimsPrincipalForPrevalidatedToken(string tokenValue, out ClaimsPrincipal claimsPrincipal) { TokenValidationParameters validationParameters = new TokenValidationParameters { ValidateAudience = true, ValidAudience = ZumoAudienceValue, ValidateIssuer = true, ValidIssuer = ZumoIssuerValue, ValidateLifetime = false, }; SkipSignatureJwtSecurityTokenHandler tokenHandler = new SkipSignatureJwtSecurityTokenHandler(); claimsPrincipal = null; try { SecurityToken validatedToken; claimsPrincipal = tokenHandler.ValidateToken(tokenValue, validationParameters, out validatedToken); } catch (SecurityTokenException) { // can happen if the token fails validation for any reason, // e.g. wrong signature, etc. return(false); } catch (ArgumentException) { // happens if the token cannot even be read // i.e. it is malformed return(false); } return(true); }
/// <summary> /// This method is ONLY to be used in cases where the SkipTokenSignatureValidation option is turned on /// and we can safely assume that any incoming tokens are valid and their claims can be trusted. /// </summary> /// <param name="tokenValue">The token to be parsed.</param> /// <param name="claimsPrincipal">The resulting claims principal.</param> /// <returns>True if the token can be parsed successfully.</returns> internal static bool GetClaimsPrincipalForPrevalidatedToken(string tokenValue, out ClaimsPrincipal claimsPrincipal) { TokenValidationParameters validationParameters = new TokenValidationParameters { ValidateAudience = true, ValidAudience = ZumoAudienceValue, ValidateIssuer = true, ValidIssuer = ZumoIssuerValue, ValidateLifetime = false, }; SkipSignatureJwtSecurityTokenHandler tokenHandler = new SkipSignatureJwtSecurityTokenHandler(); claimsPrincipal = null; try { SecurityToken validatedToken; claimsPrincipal = tokenHandler.ValidateToken(tokenValue, validationParameters, out validatedToken); } catch (SecurityTokenException) { // can happen if the token fails validation for any reason, // e.g. wrong signature, etc. return false; } catch (ArgumentException) { // happens if the token cannot even be read // i.e. it is malformed return false; } return true; }