private static string CreateJwtToken(ClaimsPrincipal icp, int tokenExpiration) { var signingKey = ConfigurationManager.AppSettings["acsSigningKey"]; var jwtHandler = new JsonWebTokenHandler(); var securityDescriptor = new SecurityTokenDescriptor { Subject = icp.Identities.First(), SigningCredentials = new HmacSigningCredentials(signingKey), TokenIssuerName = ConfigurationManager.AppSettings["acsTokenIssuerName"], Lifetime = new Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddMinutes(tokenExpiration)), AppliesToAddress = ConfigurationManager.AppSettings["acsAppliesToAddress"] }; var jwtToken = jwtHandler.CreateToken(securityDescriptor); var newTokenString = jwtHandler.WriteToken(jwtToken); return newTokenString; }
public void HandlerCreateRoundtripSingleClaimTypes() { var signinKey = SymmetricKeyGenerator.Create(32); var identity = new ClaimsIdentity(new List<Claim> { new Claim(ClaimTypes.Name, "dominick"), new Claim(ClaimTypes.Email, "*****@*****.**"), }, "Custom"); var descriptor = new SecurityTokenDescriptor { Subject = identity, SigningCredentials = new HmacSigningCredentials(signinKey), TokenIssuerName = "dominick", Lifetime = new Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddHours(8)), AppliesToAddress = "http://foo.com" }; var handler = new JsonWebTokenHandler(); var token = handler.CreateToken(descriptor); var tokenString = handler.WriteToken(token); Trace.WriteLine(tokenString); // token should not be empty Assert.IsTrue(!string.IsNullOrWhiteSpace(tokenString)); // token with signature needs to be 3 parts var parts = tokenString.Split('.'); Assert.IsTrue(parts.Length == 3, "JWT should have excactly 3 parts"); // signature must be 256 bits var sig = Base64Url.Decode(parts[2]); Assert.IsTrue(sig.Length == 32, "Signature is not 32 bits"); var jwtToken = handler.ReadToken(tokenString); var config = new SecurityTokenHandlerConfiguration(); var registry = new WebTokenIssuerNameRegistry(); registry.AddTrustedIssuer("dominick", "dominick"); config.IssuerNameRegistry = registry; var issuerResolver = new WebTokenIssuerTokenResolver(); issuerResolver.AddSigningKey("dominick", Convert.ToBase64String(signinKey)); config.IssuerTokenResolver = issuerResolver; config.AudienceRestriction.AllowedAudienceUris.Add(new Uri("http://foo.com")); handler.Configuration = config; var identity2 = handler.ValidateToken(jwtToken).First(); Assert.IsTrue(identity.Claims.Count() == 2); //Assert.IsTrue(identity.Claims.First().Issuer == "dominick"); }