示例#1
0
        public HttpStatusCode ValidatePrincipal(HttpRequest request)
        {
            HttpStatusCode statusCode = HttpStatusCode.Unauthorized;
            string         token      = string.Empty;

            if (!JWTTokenHandler.tryRetrieveToken(request, out token))
            {
                return(statusCode);
            }
            try {
                JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
                // interesting initialization syntax here...
                // Fetch the signing token from the FederationMetadata document of the tenant.
                TokenValidationParameters parameters = new TokenValidationParameters()
                {
                    AllowedAudience = allowedAudience,
                    ValidIssuer     = tenant,
                    SigningToken    = new X509SecurityToken(new X509Certificate2(JWTTokenHandler.signingCertificate(federationMetadataEndpoint)))
                };
                // Set the ClaimsPrincipal returned by ValidateToken to Thread.CurrentPrincipal and HttpContext.Current.User
                HttpContext.Current.User = Thread.CurrentPrincipal = tokenHandler.ValidateToken(token, parameters);
                statusCode = HttpStatusCode.OK;
            } catch (SecurityTokenValidationException) { statusCode = HttpStatusCode.Unauthorized; } catch (Exception) { statusCode = HttpStatusCode.InternalServerError; }
            return(statusCode);
        }
示例#2
0
        // I don't know exactly what's up here other than the standard for which claim is the 'name' changed at some point.
        //protected override string NameIdentifierClaimType(JWTSecurityToken jwt) { return ClaimTypes.GivenName; }
        //protected override string NameIdentifierClaimType(JwtSecurityToken jwt) { return ClaimTypes.Name; }

//		public override ClaimsPrincipal ValidateToken(JwtSecurityToken jwt, TokenValidationParameters validationParameters) {
        public override ClaimsPrincipal ValidateToken(JwtSecurityToken jwt)
        {
            if (string.IsNullOrEmpty(allowedAudience))
            {
                allowedAudience = ConfigurationManager.GetSetting("AllowedAudience");
            }
            if (string.IsNullOrEmpty(tenant))
            {
                tenant = ConfigurationManager.GetSetting("Tenant");
            }
            if (string.IsNullOrEmpty(federationMetadataEndpoint))
            {
                federationMetadataEndpoint = ConfigurationManager.GetSetting("FedMetadataEndpoint");
            }
            TokenValidationParameters validationParameters = new TokenValidationParameters();

            validationParameters.AllowedAudience = allowedAudience;
            validationParameters.ValidIssuer     = tenant;
            validationParameters.SigningToken    = new X509SecurityToken(new X509Certificate2(JWTTokenHandler.signingCertificate(federationMetadataEndpoint)));
            ClaimsPrincipal cp = base.ValidateToken(jwt, validationParameters);

            // This call makes the raw claims information available to the web page
            // which in turn can make the information available to javaScript for subsequent AJAX
            (cp.Identity as ClaimsIdentity).AddClaim(new Claim("raw", jwt.RawData));
            return(cp);
        }