
Windows Identity Foundation: How to validate a token for signature and expiry?

I'm going through this tutorial to build a claims-aware MVC web app using WIF. Link: https://msdn.microsoft.com/en-us/library/hh291061(v=vs.110).aspx

Sadly the tutorial doesn't mention anything about how to actually validate the token obtained. I tried to search online but couldn't find anything.

Can anyone please help me?

Take a look at my tutorial here

http://www.wiktorzychla.com/2014/11/simplest-saml11-federated-authentication.html

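The code you should pay attention to is straightforward:

    using System.IdentityModel.Selectors;   // X509CertificateValidator, AudienceUriMode
    using System.IdentityModel.Tokens;      // SecurityTokenHandlerConfiguration, SamlSecurityTokenHandler
    using System.Security.Claims;           // ClaimsPrincipal

    // fam is the WSFederationAuthenticationModule, request is the current HTTP request
    var securityToken = fam.GetSecurityToken( request );

    var config = new SecurityTokenHandlerConfiguration
    {
        // None skips certificate chain validation, so trust in the signer
        // rests entirely on the issuer name registry below
        CertificateValidator = X509CertificateValidator.None,
        IssuerNameRegistry   = new CustomIssuerNameRegistry()
    };
    // Never turns off the audience restriction check
    config.AudienceRestriction.AudienceMode = AudienceUriMode.Never;

    var tokenHandler = new SamlSecurityTokenHandler
    {
        CertificateValidator = X509CertificateValidator.None,
        Configuration        = config
    };

    // validate the token and get the ClaimsIdentity out of it;
    // throws if the token is expired, not yet valid, or the issuer is rejected
    var identity  = tokenHandler.ValidateToken( securityToken );

    var principal = new ClaimsPrincipal( identity );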

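For this to work you also need a custom issuer name registry that recognizes or rejects the cert the token is signed with:

    public class CustomIssuerNameRegistry : IssuerNameRegistry
    {
        // Placeholder (assumption, not from the original post): thumbprint of the signing cert you trust
        private const string TrustedThumbprint = "<TRUSTED-SIGNING-CERT-THUMBPRINT>";

        public override string GetIssuerName( SecurityToken securityToken )
        {
            X509SecurityToken x509Token = securityToken as X509SecurityToken;

            // accept the cert only if it is the expected signing certificate
            if ( x509Token != null &&
                 string.Equals( x509Token.Certificate.Thumbprint, TrustedThumbprint, System.StringComparison.OrdinalIgnoreCase ) )
                return x509Token.Certificate.Subject;

            return string.Empty; // rejects it
        }
    }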
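
A stricter counterpart to the configuration in the answer above, added here as an example (not code from the original post or the linked tutorials): it keeps certificate chain validation and the audience check enabled and reports why a token was refused. The `StrictSamlValidation` class, the realm URI, the thumbprint and the issuer name are placeholder assumptions.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Claims;

public static class StrictSamlValidation   // hypothetical helper, not part of WIF
{
    // Placeholders (assumptions): substitute your relying party's real values.
    const string Realm            = "https://rp.example.test/";
    const string IssuerThumbprint = "<TRUSTED-SIGNING-CERT-THUMBPRINT>";
    const string IssuerName       = "<TRUSTED-ISSUER-NAME>";

    public static SamlSecurityTokenHandler CreateHandler()
    {
        // Built-in registry: maps a trusted signing-cert thumbprint to an issuer name.
        var issuers = new ConfigurationBasedIssuerNameRegistry();
        issuers.AddTrustedIssuer( IssuerThumbprint, IssuerName );

        var config = new SecurityTokenHandlerConfiguration
        {
            // The signing cert's chain must build to a trusted root.
            CertificateValidator = X509CertificateValidator.ChainTrust,
            IssuerNameRegistry   = issuers,
            // Tolerance applied to the token's NotBefore / NotOnOrAfter.
            MaxClockSkew         = TimeSpan.FromMinutes( 2 )
        };
        // Only accept tokens issued for this relying party.
        config.AudienceRestriction.AudienceMode = AudienceUriMode.Always;
        config.AudienceRestriction.AllowedAudienceUris.Add( new Uri( Realm ) );

        return new SamlSecurityTokenHandler { Configuration = config };
    }

    // Returns null on success, otherwise the reason the token was refused.
    public static string TryValidate( SamlSecurityTokenHandler handler,
                                      SecurityToken token, out ClaimsPrincipal principal )
    {
        principal = null;
        try
        {
            principal = new ClaimsPrincipal( handler.ValidateToken( token ) );
            return null;
        }
        catch ( SecurityTokenExpiredException )        { return "expired"; }
        catch ( SecurityTokenNotYetValidException )    { return "not yet valid"; }
        catch ( AudienceUriValidationFailedException ) { return "wrong audience"; }
        catch ( SecurityTokenValidationException ex )  { return "validation failed: " + ex.Message; }
        catch ( SecurityTokenException ex )            { return "rejected: " + ex.Message; }
    }
}
```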
