/// <summary>
/// Walks <see cref="Saml2SecurityTokenHandler"/> through a series of audience
/// configurations on one shared <see cref="TokenValidationParameters"/> instance
/// and checks, for each step, whether validation succeeds or fails with the
/// expected exception type and message substring.
/// </summary>
/// <remarks>
/// The steps mutate the same parameters object, so their order matters.
/// Signature and expiration requirements are switched off so that only the
/// audience settings decide the outcome; that is a test-only configuration.
/// </remarks>
private void ValidateAudience()
{
    var handler = new Saml2SecurityTokenHandler();
    string saml2Token = IdentityUtilities.CreateSaml2Token();

    var parameters = new TokenValidationParameters();
    parameters.IssuerSigningToken = IdentityUtilities.DefaultAsymmetricSigningToken;
    parameters.RequireExpirationTime = false;
    parameters.RequireSignedTokens = false;
    parameters.ValidIssuer = IdentityUtilities.DefaultIssuer;

    // Step 1: audience validation disabled, nothing configured -> token accepted.
    parameters.ValidateAudience = false;
    TestUtilities.ValidateToken(
        securityToken: saml2Token,
        validationParameters: parameters,
        tokenValidator: handler,
        expectedException: ExpectedException.NoExceptionExpected);

    // Step 2: validation enabled but neither ValidAudience nor ValidAudiences set
    // -> must be rejected (IDX10208) rather than silently accepted.
    parameters.ValidateAudience = true;
    TestUtilities.ValidateToken(
        securityToken: saml2Token,
        validationParameters: parameters,
        tokenValidator: handler,
        expectedException: ExpectedException.SecurityTokenInvalidAudienceException("IDX10208"));

    // Step 3: a single configured audience that is not an absolute URI and does not match.
    parameters.ValidateAudience = true;
    parameters.ValidAudience = "John";
    TestUtilities.ValidateToken(
        securityToken: saml2Token,
        validationParameters: parameters,
        tokenValidator: handler,
        expectedException: new ExpectedException(
            typeExpected: typeof(SecurityTokenInvalidAudienceException),
            substringExpected: "IDX10214"));

    // Step 4: a single configured audience that differs from the default one -> IDX10214.
    parameters.ValidateAudience = true;
    parameters.ValidAudience = IdentityUtilities.NotDefaultAudience;
    TestUtilities.ValidateToken(
        securityToken: saml2Token,
        validationParameters: parameters,
        tokenValidator: handler,
        expectedException: new ExpectedException(
            typeExpected: typeof(SecurityTokenInvalidAudienceException),
            substringExpected: "IDX10214"));

    // Step 5: the single configured audience is the default one -> token accepted.
    parameters.ValidAudience = IdentityUtilities.DefaultAudience;
    parameters.ValidAudiences = null;
    TestUtilities.ValidateToken(
        securityToken: saml2Token,
        validationParameters: parameters,
        tokenValidator: handler,
        expectedException: ExpectedException.NoExceptionExpected);

    // Step 6: list of plain (non-URI) names, validation disabled -> token accepted.
    // NOTE(review): with ValidateAudience = false the list contents cannot affect the
    // result; this list is never exercised with validation switched on.
    var audienceList = new List<string>
    {
        "John",
        "Paul",
        "George",
        "Ringo"
    };
    parameters.ValidAudience = null;
    parameters.ValidAudiences = audienceList;
    parameters.ValidateAudience = false;
    TestUtilities.ValidateToken(
        securityToken: saml2Token,
        validationParameters: parameters,
        tokenValidator: handler,
        expectedException: ExpectedException.NoExceptionExpected);

    // Step 7: list of absolute URIs plus a whitespace-only entry, validation still
    // disabled -> token accepted.
    audienceList = new List<string>
    {
        "http://www.John.com",
        "http://www.Paul.com",
        "http://www.George.com",
        "http://www.Ringo.com",
        " "
    };
    parameters.ValidAudience = null;
    parameters.ValidAudiences = audienceList;
    parameters.ValidateAudience = false;
    TestUtilities.ValidateToken(
        securityToken: saml2Token,
        validationParameters: parameters,
        tokenValidator: handler,
        expectedException: ExpectedException.NoExceptionExpected);

    // Step 8: same list with validation enabled -> no entry matches, IDX10214.
    parameters.ValidateAudience = true;
    TestUtilities.ValidateToken(
        securityToken: saml2Token,
        validationParameters: parameters,
        tokenValidator: handler,
        expectedException: new ExpectedException(
            typeExpected: typeof(SecurityTokenInvalidAudienceException),
            substringExpected: "IDX10214"));

    // Step 9: append the default audience to the list (the list object is the one
    // already assigned to ValidAudiences) -> token accepted.
    parameters.ValidateAudience = true;
    audienceList.Add(IdentityUtilities.DefaultAudience);
    TestUtilities.ValidateToken(
        securityToken: saml2Token,
        validationParameters: parameters,
        tokenValidator: handler,
        expectedException: ExpectedException.NoExceptionExpected);

    // Step 10: a custom AudienceValidator that always returns false must cause a
    // rejection (IDX10231) even though ValidAudiences holds the entry that made
    // step 9 pass. The default audience is appended a second time, as in the original.
    parameters.AudienceValidator = (aud, token, tvp) => false;
    audienceList.Add(IdentityUtilities.DefaultAudience);
    TestUtilities.ValidateToken(
        securityToken: saml2Token,
        validationParameters: parameters,
        tokenValidator: handler,
        expectedException: new ExpectedException(
            typeExpected: typeof(SecurityTokenInvalidAudienceException),
            substringExpected: "IDX10231:"));

    // Step 11: with validation disabled no exception is expected even though the
    // delegate is AudienceValidatorThrows (presumably throws when invoked - confirm),
    // i.e. the custom validator is expected not to run in this configuration.
    parameters.ValidateAudience = false;
    parameters.AudienceValidator = IdentityUtilities.AudienceValidatorThrows;
    TestUtilities.ValidateToken(
        securityToken: saml2Token,
        validationParameters: parameters,
        tokenValidator: handler,
        expectedException: ExpectedException.NoExceptionExpected);
}