本文整理汇总了C#中System.IdentityModel.Tokens.TokenValidationParameters.IssuerSigningKeyResolver方法的典型用法代码示例。如果您正苦于以下问题：C# TokenValidationParameters.IssuerSigningKeyResolver方法的具体用法？C# TokenValidationParameters.IssuerSigningKeyResolver怎么用？C# TokenValidationParameters.IssuerSigningKeyResolver使用的例子？那么恭喜您，这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类System.IdentityModel.Tokens.TokenValidationParameters的用法示例。
在下文中一共展示了TokenValidationParameters.IssuerSigningKeyResolver方法的2个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C#代码示例。
示例1: ValidateSignature
/// <summary>
/// Validates that the signature, if found and / or required is valid.
/// </summary>
/// <param name="token">A 'JSON Web Token' (JWT) that has been encoded as a JSON object. May be signed
/// using 'JSON Web Signature' (JWS).</param>
/// <param name="validationParameters"><see cref="TokenValidationParameters"/> that contains signing keys.</param>
/// <exception cref="ArgumentNullException"> thrown if 'token' is null or whitespace.</exception>
/// <exception cref="ArgumentNullException"> thrown if 'validationParameters' is null.</exception>
/// <exception cref="SecurityTokenValidationException"> thrown if a signature is not found and <see cref="TokenValidationParameters.RequireSignedTokens"/> is true.</exception>
/// <exception cref="SecurityTokenSignatureKeyNotFoundException"> thrown if the 'token' has a key identifier and none of the <see cref="SecurityKey"/>(s) provided result in a validated signature.
/// This can indicate that a key refresh is required.</exception>
/// <exception cref="SignatureVerificationFailedException"> thrown if after trying all the <see cref="SecurityKey"/>(s), none result in a validated signature AND the 'token' does not have a key identifier.</exception>
/// <returns><see cref="JwtSecurityToken"/> that has the signature validated if token was signed and <see cref="TokenValidationParameters.RequireSignedTokens"/> is true.</returns>
/// <remarks><para>If the 'token' is signed, the signature is validated even if <see cref="TokenValidationParameters.RequireSignedTokens"/> is false.</para>
/// <para>If the 'token' signature is validated, then the <see cref="JwtSecurityToken.SigningKey"/> will be set to the key that signed the 'token'.</para></remarks>
protected virtual JwtSecurityToken ValidateSignature(string token, TokenValidationParameters validationParameters)
{
if (string.IsNullOrWhiteSpace(token))
{
throw new ArgumentNullException("token");
}
if (validationParameters == null)
{
throw new ArgumentNullException("validationParameters");
}
JwtSecurityToken jwt = this.ReadToken(token) as JwtSecurityToken;
byte[] encodedBytes = Encoding.UTF8.GetBytes(jwt.RawHeader + "." + jwt.RawPayload);
byte[] signatureBytes = Base64UrlEncoder.DecodeBytes(jwt.RawSignature);
if (signatureBytes == null)
{
throw new ArgumentNullException("signatureBytes");
}
if (signatureBytes.Length == 0)
{
if (!validationParameters.RequireSignedTokens)
{
return jwt;
}
throw new SecurityTokenValidationException(string.Format(CultureInfo.InvariantCulture, ErrorMessages.IDX10504, jwt.ToString()));
}
string mappedAlgorithm = jwt.Header.Alg;
if (mappedAlgorithm != null && InboundAlgorithmMap.ContainsKey(mappedAlgorithm))
{
mappedAlgorithm = InboundAlgorithmMap[mappedAlgorithm];
}
SecurityKeyIdentifier ski = jwt.Header.SigningKeyIdentifier;
// if a securityKeyIdentifier exists, look for match.
if (ski.Count > 0)
{
SecurityKey securityKey = null;
if (validationParameters.IssuerSigningKeyResolver != null)
{
securityKey = validationParameters.IssuerSigningKeyResolver(token, jwt, ski, validationParameters);
if (securityKey == null)
{
throw new SecurityTokenSignatureKeyNotFoundException(string.Format(CultureInfo.InvariantCulture, ErrorMessages.IDX10505, ski, jwt.ToString()));
}
}
else
{
securityKey = ResolveIssuerSigningKey(token, jwt, ski, validationParameters);
if (securityKey == null)
{
throw new SecurityTokenSignatureKeyNotFoundException(string.Format(CultureInfo.InvariantCulture, ErrorMessages.IDX10500, ski, jwt.ToString()));
}
}
try
{
if (this.ValidateSignature(encodedBytes, signatureBytes, securityKey, mappedAlgorithm))
{
jwt.SigningKey = securityKey;
return jwt;
}
}
catch (Exception ex)
{
throw new SignatureVerificationFailedException(string.Format(CultureInfo.InvariantCulture, ErrorMessages.IDX10502, CreateKeyString(securityKey), ex.ToString(), jwt.ToString()), ex);
}
throw new SignatureVerificationFailedException(string.Format(CultureInfo.InvariantCulture, ErrorMessages.IDX10501, CreateKeyString(securityKey), jwt.ToString()));
}
else
{
Exception firstException = null;
StringBuilder exceptionStrings = new StringBuilder();
StringBuilder keysAttempted = new StringBuilder();
// Try all keys since there is no keyidentifier
foreach (SecurityKey securityKey in GetAllKeys(token, jwt, ski, validationParameters))
{
try
//.........这里部分代码省略.........
开发者ID:vebin,项目名称:azure-activedirectory-identitymodel-extensions-for-dotnet,代码行数:101,代码来源:JwtSecurityTokenHandler.cs
示例2: GetAllKeys
/// <summary>
/// Lazily enumerates the candidate <see cref="SecurityKey"/>(s) to try against a token's signature.
/// </summary>
/// <param name="token">The encoded token; only forwarded to the resolver delegate.</param>
/// <param name="securityToken">The parsed token; only forwarded to the resolver delegate.</param>
/// <param name="keyIdentifier">The key identifier from the token header; only forwarded to the resolver delegate.</param>
/// <param name="validationParameters"><see cref="TokenValidationParameters"/> supplying either a resolver delegate or
/// statically configured keys and tokens. It is dereferenced without a null check, so callers must pass a non-null value.</param>
/// <returns>An iterator over the candidate keys. Nothing is evaluated until the sequence is enumerated.</returns>
/// <remarks>
/// <para>If <see cref="TokenValidationParameters.IssuerSigningKeyResolver"/> is set it is the ONLY source of keys:
/// IssuerSigningKey, IssuerSigningKeys, IssuerSigningToken and IssuerSigningTokens are not consulted.</para>
/// <para>The resolver's return value is yielded as-is and may be null; the consumer is responsible for treating
/// a null key as a failed validation attempt rather than as a usable key.</para>
/// <para>NOTE(review): in the visible caller this sequence is consumed before any signature has been verified,
/// so a resolver implementation should treat the token's header and claims as untrusted input when choosing a key.</para>
/// </remarks>
private IEnumerable<SecurityKey> GetAllKeys(string token, SecurityToken securityToken, SecurityKeyIdentifier keyIdentifier, TokenValidationParameters validationParameters)
{
    // A configured resolver short-circuits everything else: exactly one element (possibly null) is produced.
    if (validationParameters.IssuerSigningKeyResolver != null)
    {
        yield return validationParameters.IssuerSigningKeyResolver(token, securityToken, keyIdentifier, validationParameters);
        yield break;
    }

    // No resolver: fall back to the statically configured material, in a fixed order.

    // 1. The single configured key.
    if (validationParameters.IssuerSigningKey != null)
    {
        yield return validationParameters.IssuerSigningKey;
    }

    // 2. The configured key collection.
    if (validationParameters.IssuerSigningKeys != null)
    {
        foreach (SecurityKey configuredKey in validationParameters.IssuerSigningKeys)
        {
            yield return configuredKey;
        }
    }

    // 3. Every key carried by the single configured signing token.
    if (validationParameters.IssuerSigningToken != null)
    {
        foreach (SecurityKey singleTokenKey in validationParameters.IssuerSigningToken.SecurityKeys)
        {
            yield return singleTokenKey;
        }
    }

    // 4. Every key carried by each token in the configured signing-token collection.
    if (validationParameters.IssuerSigningTokens != null)
    {
        foreach (SecurityToken signingToken in validationParameters.IssuerSigningTokens)
        {
            foreach (SecurityKey collectionTokenKey in signingToken.SecurityKeys)
            {
                yield return collectionTokenKey;
            }
        }
    }
}
开发者ID:vebin,项目名称:azure-activedirectory-identitymodel-extensions-for-dotnet,代码行数:27,代码来源:JwtSecurityTokenHandler.cs