using Microsoft.AspNet.Authentication;
using Microsoft.AspNet.DataProtection;
using System;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Text.RegularExpressions;
namespace OAuth.AspNet.Tokens
{
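/// <summary>
/// An <see cref="ISecurityTokenValidator"/> that treats the incoming security token as a
/// data-protected <see cref="AuthenticationTicket"/> (the wire format produced by
/// <see cref="TicketDataFormat"/>) and returns the ticket's principal.
/// </summary>
/// <remarks>
/// <see cref="ValidateToken"/> does not consult the supplied <see cref="TokenValidationParameters"/>
/// at all: no lifetime, issuer or audience check is applied here, and the <c>validatedToken</c>
/// output is always <c>null</c>. A caller that needs an expiry check has to enforce it on the
/// unprotected ticket itself.
/// </remarks>
[Obsolete]
public class TicketDataFormatTokenValidator : ISecurityTokenValidator
{
    #region Constructors

    /// <summary>
    /// Creates a validator that derives its own data-protection provider (see the
    /// three-argument constructor) and uses the purpose "AccessToken" with sub-purpose "v1".
    /// </summary>
    public TicketDataFormatTokenValidator() : this(null, "AccessToken", new[] { "v1" }) { }

    /// <summary>
    /// Creates a validator whose <see cref="TicketDataFormat"/> is protected by
    /// <paramref name="dataProtectionProvider"/> under the given purpose and sub-purposes.
    /// </summary>
    /// <param name="dataProtectionProvider">
    /// Provider used to derive the ticket protector. When <c>null</c>, a
    /// <see cref="MonoDataProtectionProvider"/> built from the current AppDomain's friendly name
    /// is used, narrowed with the protector purpose "profile".
    /// </param>
    /// <param name="purpose">Purpose string passed to <c>CreateProtector</c>.</param>
    /// <param name="subPurposes">Sub-purposes passed alongside <paramref name="purpose"/>.</param>
    public TicketDataFormatTokenValidator(IDataProtectionProvider dataProtectionProvider, string purpose, string[] subPurposes)
    {
        if (dataProtectionProvider == null)
        {
            // Fallback for callers that supply no provider. Tokens protected this way are
            // presumably only readable by a provider derived the same way (same AppDomain
            // friendly name and key material) — confirm against MonoDataProtectionProvider.
            dataProtectionProvider = new MonoDataProtectionProvider(System.AppDomain.CurrentDomain.FriendlyName)
                .CreateProtector("profile");
        }

        _ticketDataFormat = new TicketDataFormat(dataProtectionProvider.CreateProtector(purpose, subPurposes));
    }

    #endregion

    #region non-Public Members

    private readonly TicketDataFormat _ticketDataFormat;

    // Base64url alphabet only. The hyphen is placed last so it can never be read as a range
    // boundary, and \z (rather than $) is used because $ also matches before a trailing
    // newline, which would let "abc\n" pass CanReadToken.
    private const string _serializationRegex = @"^[A-Za-z0-9_-]*\z";

    // Built once; the pattern is a constant, so there is no reason to re-parse it per call.
    private static readonly Regex _serializationPattern = new Regex(_serializationRegex);

    private int _maximumTokenSizeInBytes = TokenValidationParameters.DefaultMaximumTokenSizeInBytes;

    #endregion

    #region Public Members

    /// <summary>
    /// Always <c>true</c>: this validator is willing to validate any token that
    /// <see cref="CanReadToken"/> admits.
    /// </summary>
    public bool CanValidateToken
    {
        get { return true; }
    }

    /// <summary>
    /// Upper bound, in bytes, on the size of a token <see cref="CanReadToken"/> will accept.
    /// Defaults to <see cref="TokenValidationParameters.DefaultMaximumTokenSizeInBytes"/>.
    /// </summary>
    /// <exception cref="ArgumentOutOfRangeException">Thrown when set to a value below 1.</exception>
    public int MaximumTokenSizeInBytes
    {
        get { return _maximumTokenSizeInBytes; }
        set
        {
            if (value < 1)
            {
                throw new ArgumentOutOfRangeException(nameof(MaximumTokenSizeInBytes), "Negative or zero-sized tokens are invalid.");
            }

            _maximumTokenSizeInBytes = value;
        }
    }

    /// <summary>
    /// Cheap syntactic check that <paramref name="securityToken"/> looks like a protected
    /// ticket: within the size limit and made only of base64url characters. The token is not
    /// unprotected here.
    /// </summary>
    /// <param name="securityToken">The raw token text.</param>
    /// <returns>
    /// <c>true</c> when the token fits within <see cref="MaximumTokenSizeInBytes"/> and matches
    /// the base64url alphabet; otherwise <c>false</c>.
    /// </returns>
    /// <exception cref="ArgumentException">
    /// Thrown when <paramref name="securityToken"/> is <c>null</c>, empty or whitespace.
    /// </exception>
    public bool CanReadToken(string securityToken)
    {
        if (string.IsNullOrWhiteSpace(securityToken))
        {
            throw new ArgumentException("Security token has no value.", nameof(securityToken));
        }

        // Length counts UTF-16 code units; the limit is applied to their two-byte encoding.
        if (securityToken.Length * 2 > MaximumTokenSizeInBytes)
        {
            return false;
        }

        return _serializationPattern.IsMatch(securityToken);
    }

    /// <summary>
    /// Unprotects <paramref name="securityToken"/> as an <see cref="AuthenticationTicket"/>
    /// and returns the ticket's principal.
    /// </summary>
    /// <param name="securityToken">The protected ticket text.</param>
    /// <param name="validationParameters">Not used by this validator (see the class remarks).</param>
    /// <param name="validatedToken">
    /// Always set to <c>null</c>; this validator produces no <see cref="SecurityToken"/>.
    /// </param>
    /// <returns>The ticket's principal, or <c>null</c> when unprotection yields no ticket.</returns>
    public ClaimsPrincipal ValidateToken(string securityToken, TokenValidationParameters validationParameters, out SecurityToken validatedToken)
    {
        validatedToken = null;

        // NOTE(review): whether Unprotect throws or returns null on a tampered or undecodable
        // token is decided by TicketDataFormat, not here — confirm before relying on null.
        AuthenticationTicket ticket = _ticketDataFormat.Unprotect(securityToken);

        return ticket?.Principal;
    }

    #endregion
}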