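/// <summary>
/// Writes a token whose header declares <c>alg: none</c> and checks that the handler emits
/// the unsigned compact form (header and payload only, one dot).
/// </summary>
/// <remarks>
/// Only the writer is exercised here. A validator that consumes tokens from untrusted parties
/// has to treat <c>alg: none</c> as "no signature" and reject it; that path is not covered by this test.
/// </remarks>
public void ManualWriteNoSig()
{
    var jwt = new JsonWebToken
    {
        Header = new JwtHeader { SignatureAlgorithm = JwtConstants.SignatureAlgorithms.None },
        Audience = new Uri("http://foo.com"),
        Issuer = "dominick",
        ExpirationTime = 500000,
        Claims = new List<Claim>
        {
            new Claim(ClaimTypes.Name, "dominick"),
            new Claim(ClaimTypes.Email, "*****@*****.**")
        }
    };

    var handler = new JsonWebTokenHandler();
    var token = handler.WriteToken(jwt);
    Trace.WriteLine(token);

    Assert.IsFalse(string.IsNullOrWhiteSpace(token), "token is empty");

    // The handler under test serializes an unsigned token as header.payload.
    // AreEqual reports the actual part count when this fails; the old message also misspelled "exactly".
    var parts = token.Split('.');
    Assert.AreEqual(2, parts.Length, "JWT should have exactly 2 parts");
}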
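/// <summary>
/// Issues a token of the selected type for the user name and realm entered in the UI and
/// shows its serialized form in the output box.
/// </summary>
/// <param name="sender">The button raising the event (unused).</param>
/// <param name="e">Routed event data (unused).</param>
/// <exception cref="InvalidOperationException">The STS declined to issue a token for the realm.</exception>
private void CreateTokenButton_Click(object sender, RoutedEventArgs e)
{
    var principal = Principal.Create("InMemory", new Claim(ClaimTypes.Name, UserName.Text));
    var tokenType = GetTokenType();
    var sts = new STS();

    SecurityToken token;
    var success = sts.TryIssueToken(new EndpointReference(Realm.Text), principal, tokenType, out token);

    if (!success)
    {
        // A specific exception carrying the failing inputs is far more useful to the caller (and to
        // the application's unhandled-exception handler) than a bare Exception("Error").
        throw new InvalidOperationException(
            string.Format("The STS did not issue a '{0}' token for realm '{1}'.", tokenType, Realm.Text));
    }

    if (tokenType == TokenTypes.Saml2TokenProfile11 || tokenType == TokenTypes.Saml11TokenProfile11)
    {
        // SAML tokens are XML; re-parse so the output is indented.
        var xml = token.ToTokenXmlString();
        Output.Text = XElement.Parse(xml).ToString();
    }
    else if (tokenType == TokenTypes.JsonWebToken)
    {
        Output.Text = new JsonWebTokenHandler().WriteToken(token);
    }
    // Any other token type leaves Output.Text untouched, as before.
}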
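/// <summary>
/// Requests an access token with the valid test user's credentials, then validates the returned
/// JWT against the test identity server's issuer name registry, signing key and audience.
/// </summary>
/// <remarks>
/// Integration test: talks to the server at <c>baseAddress</c>. The base64 string below is the
/// symmetric signing key of the test issuer; anyone holding it can mint tokens that pass this
/// validation, so it belongs to the test deployment only.
/// </remarks>
public void ValidUserNameCredentialWithTokenValidation()
{
    var client = new OAuth2Client(new Uri(baseAddress));
    var response = client.RequestAccessTokenUserName(
        Constants.Credentials.ValidUserName,
        Constants.Credentials.ValidPassword,
        scope);

    Assert.IsNotNull(response, "response is null");
    Assert.IsFalse(string.IsNullOrWhiteSpace(response.AccessToken), "access token is null");
    Assert.IsFalse(string.IsNullOrWhiteSpace(response.TokenType), "token type is null");
    Assert.IsTrue(response.ExpiresIn > 0, "expiresIn is 0");
    Trace.WriteLine(response.AccessToken);

    // Trust exactly one issuer, mapped to the issuer name the resulting claims will carry ...
    var registry = new WebTokenIssuerNameRegistry();
    registry.AddTrustedIssuer(
        "http://identityserver45.thinktecture.com/trust/changethis",
        "http://identityserver45.thinktecture.com/trust/initial");

    // ... signed with exactly one symmetric key ...
    var issuerResolver = new WebTokenIssuerTokenResolver();
    issuerResolver.AddSigningKey(
        "http://identityserver45.thinktecture.com/trust/changethis",
        "3ihK5qGVhp8ptIk9+TDucXQW4Aaengg3d5m6gU8nzc8=");

    // ... and addressed to the requested scope.
    var config = new SecurityTokenHandlerConfiguration();
    config.IssuerNameRegistry = registry;
    config.IssuerTokenResolver = issuerResolver;
    config.AudienceRestriction.AllowedAudienceUris.Add(new Uri(scope));

    var handler = new JsonWebTokenHandler();
    handler.Configuration = config;

    var jwt = handler.ReadToken(response.AccessToken);
    var identities = handler.ValidateToken(jwt);

    // ValidateToken throws on a bad signature, issuer or audience; still pin that it produced an
    // identity, otherwise a handler returning an empty collection would pass silently.
    Assert.IsTrue(identities != null && identities.Count > 0, "token validation returned no identity");
}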
/// <summary>
/// Builds and serializes a self-issued JWT for "bob", addressed to the configured realm and
/// HMAC-SHA256 signed with the identity server's symmetric key.
/// </summary>
/// <returns>The compact-serialized token string.</returns>
/// <remarks>
/// No ExpirationTime is set on the token — NOTE(review): confirm the handler applies a default
/// expiry; otherwise a token signed with the shared key never expires.
/// </remarks>
private static string CreateJsonWebToken()
{
    var header = new JwtHeader
    {
        SignatureAlgorithm = JwtConstants.SignatureAlgorithms.HMACSHA256,
        SigningCredentials = new HmacSigningCredentials(Constants.IdSrvSymmetricSigningKey)
    };

    var claims = new List<Sys.Claim>
    {
        new Sys.Claim(Sys.ClaimTypes.Name, "bob"),
        new Sys.Claim(Sys.ClaimTypes.Email, "*****@*****.**")
    };

    var jwt = new JsonWebToken
    {
        Header = header,
        Issuer = "http://selfissued.test",
        Audience = new Uri(Constants.Realm),
        Claims = claims
    };

    return new JsonWebTokenHandler().WriteToken(jwt);
}
/// <summary>
/// Writes a token whose header asks for HMAC-SHA256 but carries no signing credentials.
/// </summary>
/// <remarks>
/// The body asserts nothing, so the handler is presumably expected to reject the write; the
/// expected-exception attribute would sit on the line above this excerpt — confirm.
/// </remarks>
public void ManualWriteHmacSha256MissingSigningCredentials()
{
    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.Name, "dominick"),
        new Claim(ClaimTypes.Email, "*****@*****.**")
    };

    var jwt = new JsonWebToken
    {
        // Algorithm declared, SigningCredentials deliberately left unset.
        Header = new JwtHeader { SignatureAlgorithm = JwtConstants.SignatureAlgorithms.HMACSHA256 },
        Audience = new Uri("http://foo.com"),
        Issuer = "dominick",
        ExpirationTime = 500000,
        Claims = claims
    };

    var handler = new JsonWebTokenHandler();
    var token = handler.WriteToken(jwt);
}
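/// <summary>
/// Writes an HMAC-SHA256 signed token with a fresh 32-byte key and checks the compact form:
/// non-empty, three dot-separated parts, and a 32-byte (256-bit) signature.
/// </summary>
public void ManualWriteHmacSha256ValidSigningCredentials()
{
    var jwt = new JsonWebToken
    {
        Header = new JwtHeader
        {
            SignatureAlgorithm = JwtConstants.SignatureAlgorithms.HMACSHA256,
            SigningCredentials = new HmacSigningCredentials(SymmetricKeyGenerator.Create(32))
        },
        Audience = new Uri("http://foo.com"),
        Issuer = "dominick",
        ExpirationTime = 500000,
        Claims = new List<Claim>
        {
            new Claim(ClaimTypes.Name, "dominick"),
            new Claim(ClaimTypes.Email, "*****@*****.**")
        }
    };

    var handler = new JsonWebTokenHandler();
    var token = handler.WriteToken(jwt);
    Trace.WriteLine(token);

    // token should not be empty
    Assert.IsFalse(string.IsNullOrWhiteSpace(token), "token is empty");

    // a signed token has three parts: header.payload.signature
    var parts = token.Split('.');
    Assert.AreEqual(3, parts.Length, "JWT should have exactly 3 parts");

    // HMAC-SHA256 yields a 256-bit MAC, i.e. 32 bytes once the base64url signature is decoded.
    // The previous message reported "32 bits", which misstated the unit.
    var sig = Base64Url.Decode(parts[2]);
    Assert.AreEqual(32, sig.Length, "Signature is not 32 bytes (256 bits)");
}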
/// <summary>
/// Writes a token whose header names a signature algorithm the handler does not know
/// ("unsupported") while still supplying HMAC credentials.
/// </summary>
/// <remarks>
/// The body asserts nothing, so the write is presumably expected to throw; the
/// expected-exception attribute would sit on the line above this excerpt — confirm.
/// </remarks>
public void ManualWriteUnsupportedSignatureAlgorithm()
{
    var header = new JwtHeader
    {
        SignatureAlgorithm = "unsupported",
        SigningCredentials = new HmacSigningCredentials(SymmetricKeyGenerator.Create(48))
    };

    var claims = new List<Claim>
    {
        new Claim(ClaimTypes.Name, "dominick"),
        new Claim(ClaimTypes.Email, "*****@*****.**")
    };

    var jwt = new JsonWebToken
    {
        Header = header,
        Audience = new Uri("http://foo.com"),
        Issuer = "dominick",
        ExpirationTime = 500000,
        Claims = claims
    };

    var handler = new JsonWebTokenHandler();
    var token = handler.WriteToken(jwt);
}
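/// <summary>
/// Creates an HMAC-signed JWT for the principal's first identity, using the ACS settings from
/// appSettings (<c>acsSigningKey</c>, <c>acsTokenIssuerName</c>, <c>acsAppliesToAddress</c>).
/// </summary>
/// <param name="icp">Authenticated principal; its first identity becomes the token subject.</param>
/// <param name="tokenExpiration">Token lifetime in minutes, counted from now (UTC).</param>
/// <returns>The compact-serialized JWT.</returns>
/// <exception cref="ArgumentNullException"><paramref name="icp"/> is null.</exception>
/// <exception cref="ConfigurationErrorsException">The <c>acsSigningKey</c> setting is missing or empty.</exception>
private static string CreateJwtToken(ClaimsPrincipal icp, int tokenExpiration)
{
    if (icp == null)
    {
        throw new ArgumentNullException("icp");
    }

    // The HMAC key is a shared secret: anyone who can read this setting can mint tokens that
    // validate. Fail loudly when it is absent instead of letting HmacSigningCredentials throw
    // on a null key deep in the stack.
    var signingKey = ConfigurationManager.AppSettings["acsSigningKey"];
    if (string.IsNullOrEmpty(signingKey))
    {
        throw new ConfigurationErrorsException("appSettings 'acsSigningKey' is missing or empty.");
    }

    // Take one timestamp so notBefore and expires are derived from the same instant.
    var now = DateTime.UtcNow;

    var securityDescriptor = new SecurityTokenDescriptor
    {
        Subject = icp.Identities.First(),
        SigningCredentials = new HmacSigningCredentials(signingKey),
        TokenIssuerName = ConfigurationManager.AppSettings["acsTokenIssuerName"],
        Lifetime = new Lifetime(now, now.AddMinutes(tokenExpiration)),
        AppliesToAddress = ConfigurationManager.AppSettings["acsAppliesToAddress"]
    };

    var jwtHandler = new JsonWebTokenHandler();
    var jwtToken = jwtHandler.CreateToken(securityDescriptor);
    return jwtHandler.WriteToken(jwtToken);
}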
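/// <summary>
/// Writes an HMAC-SHA256 signed token carrying two claims of the same type (two roles),
/// checks its compact form, then validates it with the same key and checks that all four
/// claims survive the roundtrip with the trusted issuer name.
/// </summary>
public void ManualWriteRoundtripDuplicateClaimTypes()
{
    var signinKey = SymmetricKeyGenerator.Create(32);

    var jwt = new JsonWebToken
    {
        Header = new JwtHeader
        {
            SignatureAlgorithm = JwtConstants.SignatureAlgorithms.HMACSHA256,
            SigningCredentials = new HmacSigningCredentials(signinKey)
        },
        Audience = new Uri("http://foo.com"),
        Issuer = "dominick",
        ExpirationTime = 50000000000,
    };

    // Duplicate claim types are the point of this test: two Role claims must both roundtrip.
    jwt.AddClaim(ClaimTypes.Name, "dominick");
    jwt.AddClaim(ClaimTypes.Email, "*****@*****.**");
    jwt.AddClaim(ClaimTypes.Role, "bar");
    jwt.AddClaim(ClaimTypes.Role, "foo");

    var handler = new JsonWebTokenHandler();
    var token = handler.WriteToken(jwt);
    Trace.WriteLine(token);

    // token should not be empty
    Assert.IsFalse(string.IsNullOrWhiteSpace(token), "token is empty");

    // a signed token has three parts: header.payload.signature
    var parts = token.Split('.');
    Assert.AreEqual(3, parts.Length, "JWT should have exactly 3 parts");

    // HMAC-SHA256 yields a 256-bit MAC, i.e. 32 bytes once decoded (the old message said "32 bits").
    var sig = Base64Url.Decode(parts[2]);
    Assert.AreEqual(32, sig.Length, "Signature is not 32 bytes (256 bits)");

    // Validation: trust the issuer "dominick", resolve its key to the one used for signing,
    // and require the audience the token was written for.
    var jwtToken = handler.ReadToken(token);

    var registry = new WebTokenIssuerNameRegistry();
    registry.AddTrustedIssuer("dominick", "dominick");

    var issuerResolver = new WebTokenIssuerTokenResolver();
    issuerResolver.AddSigningKey("dominick", Convert.ToBase64String(signinKey));

    var config = new SecurityTokenHandlerConfiguration();
    config.IssuerNameRegistry = registry;
    config.IssuerTokenResolver = issuerResolver;
    config.AudienceRestriction.AllowedAudienceUris.Add(new Uri("http://foo.com"));
    handler.Configuration = config;

    var identity = handler.ValidateToken(jwtToken).First();
    Assert.AreEqual(4, identity.Claims.Count(), "all four claims (including both roles) should roundtrip");
    Assert.AreEqual("dominick", identity.Claims.First().Issuer, "claims should carry the trusted issuer name");
}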
/// <summary>
/// Writes an HMAC-SHA256 token whose signing key is 48 bytes long instead of 32.
/// </summary>
/// <remarks>
/// The body asserts nothing, so the write is presumably expected to throw (the sibling tests pin a
/// 32-byte signature for HMACSHA256, which suggests the handler ties key length to the MAC size —
/// confirm). The expected-exception attribute would sit on the line above this excerpt.
/// Claims are supplied as a string dictionary here, unlike the List&lt;Claim&gt; used elsewhere.
/// </remarks>
public void ManualWriteHmacSha256KeySizeMismatch()
{
    var header = new JwtHeader
    {
        SignatureAlgorithm = JwtConstants.SignatureAlgorithms.HMACSHA256,
        SigningCredentials = new HmacSigningCredentials(SymmetricKeyGenerator.Create(48))
    };

    var claims = new Dictionary<string, string>
    {
        { ClaimTypes.Name, "dominick" },
        { ClaimTypes.Email, "*****@*****.**" }
    };

    var jwt = new JsonWebToken
    {
        Header = header,
        Audience = new Uri("http://foo.com"),
        Issuer = "dominick",
        ExpirationTime = 500000,
        Claims = claims
    };

    var handler = new JsonWebTokenHandler();
    var token = handler.WriteToken(jwt);
}
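/// <summary>
/// Creates an HMAC-SHA256 signed token from a SecurityTokenDescriptor, checks its compact form,
/// then validates it with the same key and checks that the validated identity carries the two
/// original claims attributed to the trusted issuer.
/// </summary>
public void HandlerCreateRoundtripSingleClaimTypes()
{
    var signinKey = SymmetricKeyGenerator.Create(32);

    var identity = new ClaimsIdentity(new List<Claim>
    {
        new Claim(ClaimTypes.Name, "dominick"),
        new Claim(ClaimTypes.Email, "*****@*****.**"),
    }, "Custom");

    var descriptor = new SecurityTokenDescriptor
    {
        Subject = identity,
        SigningCredentials = new HmacSigningCredentials(signinKey),
        TokenIssuerName = "dominick",
        Lifetime = new Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddHours(8)),
        AppliesToAddress = "http://foo.com"
    };

    var handler = new JsonWebTokenHandler();
    var token = handler.CreateToken(descriptor);
    var tokenString = handler.WriteToken(token);
    Trace.WriteLine(tokenString);

    // token should not be empty
    Assert.IsFalse(string.IsNullOrWhiteSpace(tokenString), "token is empty");

    // a signed token has three parts: header.payload.signature
    var parts = tokenString.Split('.');
    Assert.AreEqual(3, parts.Length, "JWT should have exactly 3 parts");

    // HMAC-SHA256 yields a 256-bit MAC, i.e. 32 bytes once decoded (the old message said "32 bits").
    var sig = Base64Url.Decode(parts[2]);
    Assert.AreEqual(32, sig.Length, "Signature is not 32 bytes (256 bits)");

    // Validation: trust the issuer "dominick", resolve its key to the one used for signing,
    // and require the audience the token was written for.
    var jwtToken = handler.ReadToken(tokenString);

    var registry = new WebTokenIssuerNameRegistry();
    registry.AddTrustedIssuer("dominick", "dominick");

    var issuerResolver = new WebTokenIssuerTokenResolver();
    issuerResolver.AddSigningKey("dominick", Convert.ToBase64String(signinKey));

    var config = new SecurityTokenHandlerConfiguration();
    config.IssuerNameRegistry = registry;
    config.IssuerTokenResolver = issuerResolver;
    config.AudienceRestriction.AllowedAudienceUris.Add(new Uri("http://foo.com"));
    handler.Configuration = config;

    // The assertions must target the identity that came back from ValidateToken; the original
    // checked the input identity, which trivially has two claims and whose claim issuer is not
    // "dominick" (that is why the issuer check had been commented out).
    var validatedIdentity = handler.ValidateToken(jwtToken).First();
    Assert.AreEqual(2, validatedIdentity.Claims.Count(), "both claims should roundtrip");
    Assert.AreEqual("dominick", validatedIdentity.Claims.First().Issuer, "claims should carry the trusted issuer name");
}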