static GenericXmlSecurityToken WrapJwt(string jwt) { var subject = new ClaimsIdentity("saml"); subject.AddClaim(new Claim("jwt", jwt)); var descriptor = new SecurityTokenDescriptor { TokenType = TokenTypes.Saml2TokenProfile11, TokenIssuerName = "urn:wrappedjwt", Subject = subject }; var handler = new Saml2SecurityTokenHandler(); var token = handler.CreateToken(descriptor); var xmlToken = new GenericXmlSecurityToken( XElement.Parse(token.ToTokenXmlString()).ToXmlElement(), null, DateTime.Now, DateTime.Now.AddHours(1), null, null, null); return xmlToken; }
public Saml2AssertionFactory(ISaml2AssertionValidationOptions options) { if (options.Audience == null) throw new ArgumentNullException("Audience"); if (options.Recipient == null) throw new ArgumentNullException("Recipient"); if (options.Certificate == null) throw new ArgumentNullException("certificate"); configuration = GetSecurityTokenHandlerConfiguration(options); tokenHandler = new Saml2BearerGrantSecurityTokenHandler(options.Recipient); tokenHandler.Configuration = configuration; }
public string ToXml(Saml2Assertion assertion) { var tokenHandlers = new Saml2SecurityTokenHandler(); var stringBuilder = new StringBuilder(); using (var xmlWriter = new XmlTextWriter(new StringWriter(stringBuilder))) { var token = new Saml2SecurityToken(assertion); tokenHandlers.WriteToken(xmlWriter, token); return stringBuilder.ToString(); } }
/// <summary> /// Authenticates the specified message. /// </summary> /// <returns> /// Returns <see cref="T:System.Collections.ObjectModel.ReadOnlyCollection`1"/>. /// </returns> /// <param name="authPolicy">The authorization policy.</param><param name="listenUri">The URI at which the message was received.</param><param name="message">The message to be authenticated.</param> public override ReadOnlyCollection<IAuthorizationPolicy> Authenticate(ReadOnlyCollection<IAuthorizationPolicy> authPolicy, Uri listenUri, ref Message message) { if (WebOperationContext.Current != null && WebOperationContext.Current.IncomingRequest.Headers["fedAuth"] != null) { var tokenString = WebOperationContext.Current.IncomingRequest.Headers["fedAuth"]; var handler = new Saml2SecurityTokenHandler(); var token = handler.ReadToken(tokenString); var identities = handler.ValidateToken(token); var principal = new ClaimsPrincipal(identities); Thread.CurrentPrincipal = principal; } return base.Authenticate(authPolicy, listenUri, ref message); }
public void CrossToken_ValidateToken() { JwtSecurityTokenHandler jwtHandler = new JwtSecurityTokenHandler(); IMSaml2TokenHandler imSaml2Handler = new IMSaml2TokenHandler(); IMSamlTokenHandler imSamlHandler = new IMSamlTokenHandler(); SMSaml2TokenHandler smSaml2Handler = new SMSaml2TokenHandler(); SMSamlTokenHandler smSamlHandler = new SMSamlTokenHandler(); JwtSecurityTokenHandler.InboundClaimFilter.Add("aud"); JwtSecurityTokenHandler.InboundClaimFilter.Add("exp"); JwtSecurityTokenHandler.InboundClaimFilter.Add("iat"); JwtSecurityTokenHandler.InboundClaimFilter.Add("iss"); JwtSecurityTokenHandler.InboundClaimFilter.Add("nbf"); string jwtToken = IdentityUtilities.CreateJwtToken(IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor, jwtHandler); // saml tokens created using Microsoft.IdentityModel.Extensions string imSaml2Token = IdentityUtilities.CreateSaml2Token(IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor, imSaml2Handler); string imSamlToken = IdentityUtilities.CreateSamlToken(IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor, imSamlHandler); // saml tokens created using System.IdentityModel.Tokens string smSaml2Token = IdentityUtilities.CreateSaml2Token(IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor, smSaml2Handler); string smSamlToken = IdentityUtilities.CreateSamlToken(IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor, smSamlHandler); ClaimsPrincipal jwtPrincipal = ValidateToken(jwtToken, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, jwtHandler, ExpectedException.NoExceptionExpected); ClaimsPrincipal imSaml2Principal = ValidateToken(imSaml2Token, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, imSaml2Handler, ExpectedException.NoExceptionExpected); ClaimsPrincipal imSamlPrincipal = ValidateToken(imSamlToken, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, imSamlHandler, ExpectedException.NoExceptionExpected); ClaimsPrincipal smSaml2Principal = ValidateToken(smSaml2Token, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, imSaml2Handler, ExpectedException.NoExceptionExpected); ClaimsPrincipal smSamlPrincipal = ValidateToken(smSamlToken, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, imSamlHandler, ExpectedException.NoExceptionExpected); Assert.IsTrue(IdentityComparer.AreEqual <ClaimsPrincipal>(imSamlPrincipal, imSaml2Principal, new CompareContext { IgnoreSubject = true })); Assert.IsTrue(IdentityComparer.AreEqual <ClaimsPrincipal>(smSamlPrincipal, imSaml2Principal, new CompareContext { IgnoreSubject = true })); Assert.IsTrue(IdentityComparer.AreEqual <ClaimsPrincipal>(smSaml2Principal, imSaml2Principal, new CompareContext { IgnoreSubject = true })); // false = ignore type of objects, we expect all objects in the principal to be of same type (no derived types) // true = ignore subject, claims have a backpointer to their ClaimsIdentity. Most of the time this will be different as we are comparing two different ClaimsIdentities. // true = ignore properties of claims, any mapped claims short to long for JWT's will have a property that represents the short type. Assert.IsTrue(IdentityComparer.AreEqual <ClaimsPrincipal>(jwtPrincipal, imSaml2Principal, new CompareContext { IgnoreType = false, IgnoreSubject = true, IgnoreProperties = true })); JwtSecurityTokenHandler.InboundClaimFilter.Clear(); }
/// <summary> /// Initializes an instance of <see cref="WrappedSaml2SecurityTokenAuthenticator"/> /// </summary> /// <param name="saml2SecurityTokenHandler">The Saml2SecurityTokenHandler to wrap.</param> /// <param name="exceptionMapper">Converts token validation exceptions to SOAP faults.</param> public WrappedSaml2SecurityTokenAuthenticator( Saml2SecurityTokenHandler saml2SecurityTokenHandler, ExceptionMapper exceptionMapper ) { if ( saml2SecurityTokenHandler == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "wrappedSaml2SecurityTokenHandler" ); } if ( exceptionMapper == null ) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull( "exceptionMapper" ); } _wrappedSaml2SecurityTokenHandler = saml2SecurityTokenHandler; _exceptionMapper = exceptionMapper; }
public static string CreateSaml2Token(string name) { var id = new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Name, name) }, "SAML"); var descriptor = new SecurityTokenDescriptor { Subject = id, AppliesToAddress = "https://test", TokenIssuerName = "http://issuer", SigningCredentials = GetSamlSigningCredential(), }; var handler = new Saml2SecurityTokenHandler(); handler.Configuration = new SecurityTokenHandlerConfiguration(); var token = handler.CreateToken(descriptor); return token.ToTokenXmlString(); }
private static SecurityToken GenerateHardcodedToken() { var securityTokenDescriptor = new SecurityTokenDescriptor(); securityTokenDescriptor.Subject = ClaimsPrincipal.Current.Identity as ClaimsIdentity; securityTokenDescriptor.Lifetime = new Lifetime(DateTime.Now, DateTime.Now.AddDays(2)); securityTokenDescriptor.TokenIssuerName = "http://identityserver.v2.thinktecture.com/trust/changethis"; securityTokenDescriptor.AppliesToAddress = "https://windows7:444/identity/wstrust/bearer"; securityTokenDescriptor.SigningCredentials = GenerateSigningCredentials(); Saml2SecurityTokenHandler saml2SecurityTokenHandler = new Saml2SecurityTokenHandler(); var saml2SecurityToken = saml2SecurityTokenHandler.CreateToken(securityTokenDescriptor) as Saml2SecurityToken; var authenticationMethod = "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"; var authenticationContext = new Saml2AuthenticationContext(new Uri(authenticationMethod)); saml2SecurityToken.Assertion.Statements.Add(new Saml2AuthenticationStatement(authenticationContext)); return saml2SecurityToken; }
public void CrossToken_ValidateToken() { JwtSecurityTokenHandler jwtHandler = new JwtSecurityTokenHandler(); IMSaml2TokenHandler imSaml2Handler = new IMSaml2TokenHandler(); IMSamlTokenHandler imSamlHandler = new IMSamlTokenHandler(); SMSaml2TokenHandler smSaml2Handler = new SMSaml2TokenHandler(); SMSamlTokenHandler smSamlHandler = new SMSamlTokenHandler(); JwtSecurityTokenHandler.InboundClaimFilter.Add("aud"); JwtSecurityTokenHandler.InboundClaimFilter.Add("exp"); JwtSecurityTokenHandler.InboundClaimFilter.Add("iat"); JwtSecurityTokenHandler.InboundClaimFilter.Add("iss"); JwtSecurityTokenHandler.InboundClaimFilter.Add("nbf"); string jwtToken = IdentityUtilities.CreateJwtToken(IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor, jwtHandler); // saml tokens created using Microsoft.IdentityModel.Extensions string imSaml2Token = IdentityUtilities.CreateSaml2Token(IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor, imSaml2Handler); string imSamlToken = IdentityUtilities.CreateSamlToken(IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor, imSamlHandler); // saml tokens created using System.IdentityModel.Tokens string smSaml2Token = IdentityUtilities.CreateSaml2Token(IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor, smSaml2Handler); string smSamlToken = IdentityUtilities.CreateSamlToken(IdentityUtilities.DefaultAsymmetricSecurityTokenDescriptor, smSamlHandler); ClaimsPrincipal jwtPrincipal = ValidateToken(jwtToken, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, jwtHandler, ExpectedException.NoExceptionExpected); ClaimsPrincipal imSaml2Principal = ValidateToken(imSaml2Token, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, imSaml2Handler, ExpectedException.NoExceptionExpected); ClaimsPrincipal imSamlPrincipal = ValidateToken(imSamlToken, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, imSamlHandler, ExpectedException.NoExceptionExpected); ClaimsPrincipal smSaml2Principal = ValidateToken(smSaml2Token, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, imSaml2Handler, ExpectedException.NoExceptionExpected); ClaimsPrincipal smSamlPrincipal = ValidateToken(smSamlToken, IdentityUtilities.DefaultAsymmetricTokenValidationParameters, imSamlHandler, ExpectedException.NoExceptionExpected); Assert.IsTrue(IdentityComparer.AreEqual<ClaimsPrincipal>(imSamlPrincipal, imSaml2Principal, new CompareContext { IgnoreSubject = true })); Assert.IsTrue(IdentityComparer.AreEqual<ClaimsPrincipal>(smSamlPrincipal, imSaml2Principal, new CompareContext { IgnoreSubject = true })); Assert.IsTrue(IdentityComparer.AreEqual<ClaimsPrincipal>(smSaml2Principal, imSaml2Principal, new CompareContext { IgnoreSubject = true })); // false = ignore type of objects, we expect all objects in the principal to be of same type (no derived types) // true = ignore subject, claims have a backpointer to their ClaimsIdentity. Most of the time this will be different as we are comparing two different ClaimsIdentities. // true = ignore properties of claims, any mapped claims short to long for JWT's will have a property that represents the short type. Assert.IsTrue(IdentityComparer.AreEqual<ClaimsPrincipal>(jwtPrincipal, imSaml2Principal, new CompareContext{IgnoreType = false, IgnoreSubject = true, IgnoreProperties=true})); JwtSecurityTokenHandler.InboundClaimFilter.Clear(); }
static void Main(string[] args) { Console.SetWindowSize(Console.LargestWindowWidth / 2, Console.LargestWindowHeight / 2); Console.WriteLine("Requesting security token from \"{0}\" for resource \"{1}\"...", PF_IP_STS_Endpoint, IPSTS_appliesTo); Console.WriteLine(); try { // To Issue the initial token (ie the Web Services Client (WSC) doing its thing, we are going to auth with a username and a password // Issue the initial SAML token RequestSecurityTokenResponse RSTR_Issue; SecurityToken token = IssueTokenWithUserNamePassword(subject_username, subject_password, PF_IP_STS_Endpoint, IPSTS_appliesTo, out RSTR_Issue, KeyTypes.Bearer); // When using Asymmetric Key (HoK) - we need to supply a UseKey // When using Symmetric Key (HoK) - SP Encryption cert is not defined - unless encryption key available to use as subj confirmation if (token != null) { //show the token Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("{0}", token); Console.WriteLine(); Console.WriteLine("{0}", RSTR_Issue.RequestedSecurityToken.SecurityTokenXml.InnerXml); Console.WriteLine(); // At this point we received a token from our STS. We can now use it to authenticate to our web service using it as an IssuedToken. // ... here is where the WSP kicks in... // Console.ForegroundColor = ConsoleColor.Gray; Console.WriteLine(); Console.WriteLine("Do you want to validate the security token? [Y]"); if (Console.ReadKey(true).Key == ConsoleKey.Y) { Console.WriteLine("Validating security token with \"{0}\"...", PF_RP_STS_Endpoint); Console.WriteLine(); // We are acting as the WSP now. We want to Validate the SAML token against PingFederate's STS RequestSecurityTokenResponse RSTR_Validate = ValidateSecurityToken(token, PF_RP_STS_Endpoint); // This will return: // http://docs.oasis-open.org/ws-sx/ws-trust/200512/status/valid or // http://docs.oasis-open.org/ws-sx/ws-trust/200512/status/invalid Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("{0}", RSTR_Validate.Status.Code); Console.WriteLine(); // So we have a valid token supplied by the web services client.... we can grab the claims from there and do as we wish... or.. we can issue a local token Console.ForegroundColor = ConsoleColor.Gray; Console.WriteLine(); Console.WriteLine("Do you want to issue a local security token? [Y]"); if (Console.ReadKey(true).Key == ConsoleKey.Y) { Console.WriteLine("Requesting \"{0}\" security token from \"{1}\"...", tokenType, PF_RP_STS_Endpoint); Console.WriteLine(); // We need to make a call to our RP-STS (SP side of PF) to issue a local token (according to our Token Generator) //SecurityToken localToken = IssueLocalSecurityToken(token, RPSTS_issuerUri, RPSTS_appliesTo, tokenType, keyType); // I'm going to receive it as a GenericXmlSecurityToken so we can parse it easier later on... RequestSecurityTokenResponse RSTR_LocalToken; GenericXmlSecurityToken xmlToken = (GenericXmlSecurityToken)IssueLocalSecurityToken(token, PF_RP_STS_Endpoint, tokenType, out RSTR_LocalToken); if (xmlToken != null) { //show the token Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("{0}", xmlToken); // parse token to grab the attributes: if (tokenType == "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0") { // Configure the IssuerNameRegistry ConfigurationBasedIssuerNameRegistry myIssuerNameRegistry = new ConfigurationBasedIssuerNameRegistry(); myIssuerNameRegistry.AddTrustedIssuer(PF_Signing_Cert_Thumbprint, "RP-STS"); // this is the dsig cert (of my RP-STS) SHA1 thumbprint | name //inr.AddTrustedIssuer("97463668CD4482AFAC7F341A1C3ABB1010757800", "localhost"); // this is the encryption cert (of my RP-STS - bearer token isn't encrypted tho) // Define the "verification configuration" SecurityTokenHandlerConfiguration securityTokenHanderConfig = new SecurityTokenHandlerConfiguration(); securityTokenHanderConfig.AudienceRestriction.AllowedAudienceUris.Add(new Uri("https://www.app.com")); // the Audience defined in the Token Generator Saml2SecurityTokenHandler saml2TokenHandler = new Saml2SecurityTokenHandler(); securityTokenHanderConfig.IssuerNameRegistry = myIssuerNameRegistry; saml2TokenHandler.Configuration = securityTokenHanderConfig; // Parse the token and return a Claims Identity SecurityToken saml2Token = saml2TokenHandler.ReadToken(new XmlTextReader(new StringReader(xmlToken.TokenXml.OuterXml))); ClaimsIdentity identity = saml2TokenHandler.ValidateToken(saml2Token).First(); // Spit out the Claims Console.WriteLine("Attributes in the Assertion....."); Console.WriteLine("{0}", identity.Name); foreach (Claim theClaim in identity.Claims) { Console.WriteLine("{0} : {1}", theClaim.Type, theClaim.Value); } } else if (tokenType == "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0") { } } } } } } catch (Exception ex) { ConsoleColor PreviousColor = Console.ForegroundColor; Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine(ex.Message); if (ex.InnerException != null) { Console.WriteLine(); Console.WriteLine(ex.InnerException.Message); } Console.ForegroundColor = PreviousColor; } Console.ForegroundColor = ConsoleColor.White; Console.WriteLine(); Console.WriteLine(); Console.WriteLine("Press <enter> to close."); Console.Read(); }
public void Saml2Response_GetClaims_CorrectEncryptedSingleAssertion_UsingWIF() { var response = @"<saml2p:Response xmlns:saml2p=""urn:oasis:names:tc:SAML:2.0:protocol"" xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion"" ID = """ + MethodBase.GetCurrentMethod().Name + @""" Version=""2.0"" IssueInstant=""2013-01-01T00:00:00Z""> <saml2:Issuer>https://idp.example.com</saml2:Issuer> <saml2p:Status> <saml2p:StatusCode Value=""urn:oasis:names:tc:SAML:2.0:status:Success"" /> </saml2p:Status> {0} </saml2p:Response>"; var assertion = new Saml2Assertion(new Saml2NameIdentifier("https://idp.example.com")); assertion.Subject = new Saml2Subject(new Saml2NameIdentifier("WIFUser")); assertion.Subject.SubjectConfirmations.Add(new Saml2SubjectConfirmation(new Uri("urn:oasis:names:tc:SAML:2.0:cm:bearer"))); assertion.Conditions = new Saml2Conditions { NotOnOrAfter = new DateTime(2100, 1, 1) }; var token = new Saml2SecurityToken(assertion); var handler = new Saml2SecurityTokenHandler(); assertion.SigningCredentials = new X509SigningCredentials(SignedXmlHelper.TestCert, signatureAlgorithm: SecurityAlgorithms.RsaSha1Signature, digestAlgorithm: SecurityAlgorithms.Sha1Digest); assertion.EncryptingCredentials = new EncryptedKeyEncryptingCredentials( SignedXmlHelper.TestCert2, keyWrappingAlgorithm: SecurityAlgorithms.RsaOaepKeyWrap, keySizeInBits: 256, encryptionAlgorithm: SecurityAlgorithms.Aes192Encryption); string assertionXml = String.Empty; using (var sw = new StringWriter()) { using (var xw = XmlWriter.Create(sw, new XmlWriterSettings { OmitXmlDeclaration = true })) { handler.WriteToken(xw, token); } assertionXml = sw.ToString(); } var responseWithAssertion = string.Format(response, assertionXml); var claims = Saml2Response.Read(responseWithAssertion).GetClaims(Options.FromConfiguration); claims.Count().Should().Be(1); claims.First().FindFirst(ClaimTypes.NameIdentifier).Value.Should().Be("WIFUser"); }
public WrappedSerializer(Saml2SecurityTokenHandler parent, Saml2Assertion assertion) { this.assertion = assertion; this.parent = parent; }
private void CreateSaml2Tokens( SecurityTokenDescriptor tokenDescriptor ) { Saml2SecurityTokenHandler samlTokenHandler = new Saml2SecurityTokenHandler(); Saml2SecurityToken token = samlTokenHandler.CreateToken( tokenDescriptor ) as Saml2SecurityToken; MemoryStream ms = new MemoryStream(); XmlDictionaryWriter writer = XmlDictionaryWriter.CreateTextWriter( ms ); samlTokenHandler.WriteToken( writer, token ); }
private void RunValidationTests( SecurityTokenDescriptor tokenDescriptor, SecurityToken securityToken, SecurityKey key, int iterations, bool display = true ) { // Create jwts using wif // Create Saml2 tokens // Create Saml tokens DateTime started; string validating = "Validating, signed: '{0}', '{1}' Tokens. Time: '{2}'"; SetReturnSecurityTokenResolver str = new Test.SetReturnSecurityTokenResolver( securityToken, key ); SecurityTokenHandlerConfiguration tokenHandlerConfiguration = new SecurityTokenHandlerConfiguration() { IssuerTokenResolver = str, SaveBootstrapContext = true, CertificateValidator = AlwaysSucceedCertificateValidator.New, AudienceRestriction = new AudienceRestriction( AudienceUriMode.Never ), IssuerNameRegistry = new SetNameIssuerNameRegistry( Issuers.GotJwt ), }; Saml2SecurityTokenHandler samlTokenHandler = new Saml2SecurityTokenHandler(); Saml2SecurityToken token = samlTokenHandler.CreateToken( tokenDescriptor ) as Saml2SecurityToken; StringBuilder sb = new StringBuilder(); XmlWriter writer = XmlWriter.Create(sb); samlTokenHandler.WriteToken( writer, token ); writer.Flush(); writer.Close(); string tokenXml = sb.ToString(); samlTokenHandler.Configuration = tokenHandlerConfiguration; started = DateTime.UtcNow; for ( int i = 0; i < iterations; i++ ) { StringReader sr = new StringReader( tokenXml ); XmlDictionaryReader reader = XmlDictionaryReader.CreateDictionaryReader( XmlReader.Create( sr ) ); reader.MoveToContent(); SecurityToken saml2Token = samlTokenHandler.ReadToken( reader ); samlTokenHandler.ValidateToken( saml2Token ); } if ( display ) { Console.WriteLine( string.Format( validating, "Saml2SecurityTokenHandler", iterations, DateTime.UtcNow - started ) ); } JwtSecurityTokenHandler jwtTokenHandler = new JwtSecurityTokenHandler(); JwtSecurityToken jwt = jwtTokenHandler.CreateToken( tokenDescriptor ) as JwtSecurityToken; jwtTokenHandler.Configuration = tokenHandlerConfiguration; started = DateTime.UtcNow; for ( int i = 0; i < iterations; i++ ) { jwtTokenHandler.ValidateToken( jwt.RawData ); } if ( display ) { Console.WriteLine( string.Format( validating, "JwtSecurityTokenHandle - ValidateToken( jwt.RawData )", iterations, DateTime.UtcNow - started ) ); } jwt = jwtTokenHandler.CreateToken( tokenDescriptor ) as JwtSecurityToken; sb = new StringBuilder(); writer = XmlWriter.Create(sb); jwtTokenHandler.WriteToken( writer, jwt ); writer.Flush(); writer.Close(); tokenXml = sb.ToString(); started = DateTime.UtcNow; for ( int i = 0; i<iterations; i++ ) { StringReader sr = new StringReader( tokenXml ); XmlDictionaryReader reader = XmlDictionaryReader.CreateDictionaryReader( XmlReader.Create( sr ) ); reader.MoveToContent(); SecurityToken jwtToken = jwtTokenHandler.ReadToken( reader ); jwtTokenHandler.ValidateToken( jwtToken ); } if ( display ) { Console.WriteLine( string.Format( validating, "JwtSecurityTokenHandle - ReadToken( reader ), ValidateToken( jwtToken )", iterations, DateTime.UtcNow - started ) ); } started = DateTime.UtcNow; for ( int i = 0; i < iterations; i++ ) { StringReader sr = new StringReader( tokenXml ); XmlDictionaryReader reader = XmlDictionaryReader.CreateDictionaryReader( XmlReader.Create( sr ) ); reader.MoveToContent(); JwtSecurityToken jwtToken = jwtTokenHandler.ReadToken( reader ) as JwtSecurityToken; jwtTokenHandler.ValidateToken( jwtToken.RawData ); } if ( display ) { Console.WriteLine( string.Format( validating, "JwtSecurityTokenHandle - ReadToken( reader ), ValidateToken( jwtToken.RawData )", iterations, DateTime.UtcNow - started ) ); } }