小贝子编程

如何解码 SessionSecurityToken



是否可以解码SessionSecurityToken

我已经建立了一个站点来使用 MachineKeySessionSecurityTokenHandler ThinkTecture IdentityServer,一切都按预期工作。
但是现在我需要将令牌传递给另一个服务,但使用Authorization HTTP 标头而不是 cookie。

我尝试了以下方法:

var cookie = HttpContext.Current.Request.Cookies[FederatedAuthentication.FederationConfiguration.CookieHandler.Name];
if (cookie != null)
{
    var t = MachineKey.Unprotect(Convert.FromBase64String(cookie.Value), "System.IdentityModel.Services.MachineKeyTransform");
}

但这抛出了一个System.Security.Cryptography.CryptographicException

找到了解决方案。

通过网络发送数据的唯一(简单(方法是将SessionSecurityToken转换为JwtSecurityToken并使用 RawData 属性。

示例实现(取决于ThinkTecture.IdentityModel(:

public JwtSecurityToken ConvertSessionToJsonWebSecurityToken(SessionSecurityToken sessionToken)
{
    var h = FederatedAuthentication.FederationConfiguration.IdentityConfiguration.SecurityTokenHandlers[typeof(JwtSecurityToken)] as JwtSecurityTokenHandler;
    if (h != null)
    {
        var issuer = ((ValidatingIssuerNameRegistry)h.Configuration.IssuerNameRegistry).IssuingAuthorities.First().Name;
        var audience = h.Configuration.AudienceRestriction.AllowedAudienceUris.First().AbsoluteUri;
        var signingKey = ((ValidatingIssuerNameRegistry)h.Configuration.IssuerNameRegistry).IssuingAuthorities.First().SymmetricKeys.First();
        var securityKey = ((NamedKeyIssuerTokenResolver)h.Configuration.IssuerTokenResolver).SecurityKeys.First().Value.First();
        // Create token
        var t = h.CreateToken(
            null,
            null,
            (ClaimsIdentity)sessionToken.ClaimsPrincipal.Identity,
            new Lifetime(sessionToken.ValidFrom, sessionToken.ValidTo),
            new SigningCredentials(
                securityKey,
                Algorithms.HmacSha256Signature,
                Algorithms.Sha256Digest));
        // Serialize token for validaiton
        var s = h.WriteToken(t);
        // Validate token
        var validationParameters = new TokenValidationParameters()
        {
            AllowedAudience = audience,
            ValidIssuer = issuer,
            SigningToken = new BinarySecretSecurityToken(Convert.FromBase64String(signingKey))
        };
        h.ValidateToken(s, validationParameters);
        // Return token with correct type
        return h.ReadToken(s) as JwtSecurityToken;
    }
    return null;
}
[Test]
public void GetToken_WhenValidSessionTokenExist_ShouldReturnValidJwtToken()
{
    JwtSecurityToken c;
    FederatedAuthentication.SessionAuthenticationModule.TryReadJwtTokenFromCookie(container.GetInstance<ISecurityTokenOperations>(), out c)
    Assert.That(!string.IsNullOrEmpty(c.RawData));
}

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium