/// <summary> /// Configure message handlers to use JwtBasedSecurityMessageHandler as /// SecurityMessageHandler for all the requests /// </summary> /// <param name="config">The config</param> /// <param name="options">The jwt validation options</param> /// <param name="forceAuthentication">Indicates whether or not authentication must be enforced</param> public static void UseJwtAuthentication( this HttpConfiguration config, JwtValidationOptions options, bool forceAuthentication = false) { config.MessageHandlers.Add( new JwtBasedSecurityMessageHandler(options, forceAuthentication)); }
/// <summary> /// Constructor /// </summary> /// <param name="options">Options to validate then token when presents</param> /// <param name="forceAuthentication">Indicates whether or not the token must be present to process the request</param> public JwtBasedSecurityMessageHandler( JwtValidationOptions options, bool forceAuthentication = false) { options.NotNull(nameof(options)); Options = options; ForceAuthentication = forceAuthentication; }
private static TokenValidationParameters GetValidationParameters( JwtValidationOptions options) { var parameters = new TokenValidationParameters { RequireExpirationTime = options.RequireExpirationTime, RequireSignedTokens = !options.SigningKey.IsNullOrEmpty(), ValidateAudience = false, ValidateIssuer = false, ValidateLifetime = options.RequireExpirationTime, }; if (!options.SigningKey.IsNullOrEmpty()) parameters.IssuerSigningKey = new InMemorySymmetricSecurityKey( Convert.FromBase64String(options.SigningKey)); return parameters; }
public static bool TryValidateToken( this JwtSecurityTokenHandler handler, string securityToken, JwtValidationOptions options, out IPrincipal principal) { try { principal = handler .RetrievePrincipal(securityToken, GetValidationParameters(options)); } catch (SecurityTokenValidationException) { principal = null; } return principal.IsNotNull(); }
private static Task<HttpResponseMessage> SendAsync( JwtSecurityTokenHandler tokenHandler, JwtValidationOptions options = null, Action<HttpRequestMessage, IPrincipal> assignPrincipalAction = null) { return new HttpMessageInvoker( CreateSubjectUnderTest(false, null, tokenHandler, options ?? new JwtValidationOptions(), assignPrincipalAction)) .SendAsync( GetHttpRequestMessage(ObjectMother.Create<string>()), It.IsAny<CancellationToken>()); }
private static JwtBasedSecurityMessageHandler CreateSubjectUnderTest( bool forceAuthentication, HttpResponseMessage response, JwtSecurityTokenHandler tokenHandler, JwtValidationOptions options = null, Action<HttpRequestMessage, IPrincipal> assignPrincipalAction = null) { IPrincipal principal; if (assignPrincipalAction.IsNull()) assignPrincipalAction = (r, p) => principal = p; var sut = new JwtBasedSecurityMessageHandler( options ?? new JwtValidationOptions(), forceAuthentication); sut.InnerHandler = new TestHandler(response); sut.SetSecurityTokenHandlerFactory(() => tokenHandler); sut.SetAssignPrincipalFactory(assignPrincipalAction); return sut; }