Updated "System.IdentityModel.Tokens.Jwt" to "5.2.4"

Kalyan Krishna · Kalyan Krishna · commit b14dc07aae63 · 2018-07-16T19:45:23.000+05:30
diff --git a/TodoListService-ManualJwt/Global.asax.cs b/TodoListService-ManualJwt/Global.asax.cs
@@ -24,21 +24,20 @@
 using System.Web.Routing;
 
 // The following using statements were added for this sample.
-using System.Net.Http;
-using System.IdentityModel.Tokens;
-using System.Threading.Tasks;
+using System.Net.Http;using System.Threading.Tasks;
 using System.Threading;
 using System.Net;
 using System.IdentityModel.Selectors;
 using System.Security.Claims;
 using System.Net.Http.Headers;
-using System.IdentityModel.Metadata;
+using Microsoft.IdentityModel.Tokens;
 using System.ServiceModel.Security;
 using System.Xml;
-using System.Security.Cryptography.X509Certificates;
+using System.IdentityModel.Tokens.Jwt;
 using System.Globalization;
 using System.Configuration;
 using Microsoft.IdentityModel.Protocols;
+using Microsoft.IdentityModel.Protocols.OpenIdConnect;
 
 namespace TodoListService_ManualJwt
 {
@@ -70,7 +69,7 @@ internal class TokenValidationHandler : DelegatingHandler
         string authority = String.Format(CultureInfo.InvariantCulture, aadInstance, tenant);
 
         static string _issuer = string.Empty;
-        static List<SecurityToken> _signingTokens = null;
+        static ICollection<SecurityKey> _signingKeys = null;
         static DateTime _stsMetadataRetrievalTime = DateTime.MinValue;
         static string scopeClaimType = "http://schemas.microsoft.com/identity/claims/scope";
         
@@ -89,32 +88,32 @@ protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage
 
             if (jwtToken == null)
             {
-                HttpResponseMessage response = BuildResponseErrorMessage(HttpStatusCode.Unauthorized);
+                HttpResponseMessage response = this.BuildResponseErrorMessage(HttpStatusCode.Unauthorized);
                 return response;
             }
 
             string issuer;
-            List<SecurityToken> signingTokens;
+            ICollection<SecurityKey> signingTokens;
 
             try
             {
                 // The issuer and signingTokens are cached for 24 hours. They are updated if any of the conditions in the if condition is true.            
                 if (DateTime.UtcNow.Subtract(_stsMetadataRetrievalTime).TotalHours > 24
                     || string.IsNullOrEmpty(_issuer)
-                    || _signingTokens == null)
+                    || _signingKeys == null)
                 {
                     // Get tenant information that's used to validate incoming jwt tokens
-                    string stsDiscoveryEndpoint = string.Format("{0}/.well-known/openid-configuration", authority);
-                    ConfigurationManager<OpenIdConnectConfiguration> configManager = new ConfigurationManager<OpenIdConnectConfiguration>(stsDiscoveryEndpoint);
-                    OpenIdConnectConfiguration config = await configManager.GetConfigurationAsync();
+                    string stsDiscoveryEndpoint = $"{this.authority}/.well-known/openid-configuration";
+                    Microsoft.IdentityModel.Protocols.ConfigurationManager<Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration> configManager = new ConfigurationManager<OpenIdConnectConfiguration>(stsDiscoveryEndpoint, new OpenIdConnectConfigurationRetriever());
+                    Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration config = await configManager.GetConfigurationAsync(cancellationToken);
                     _issuer = config.Issuer;
-                    _signingTokens = config.SigningTokens.ToList();
+                    _signingKeys = config.SigningKeys;
                     
                     _stsMetadataRetrievalTime = DateTime.UtcNow;
                 }
 
                 issuer = _issuer;
-                signingTokens = _signingTokens;
+                signingTokens = _signingKeys;
             }
             catch (Exception)
             {
@@ -130,8 +129,7 @@ protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage
 
                 // Supports both the Azure AD V1 and V2 endpoint
                 ValidIssuers = new [] { issuer, $"{issuer}/v2.0" },
-                IssuerSigningTokens = signingTokens,
-                CertificateValidator = X509CertificateValidator.None // Certificate validation does not make sense since AAD's metadata document is signed with a self-signed certificate.
+                IssuerSigningKeys = signingTokens
             };
 
             try
@@ -152,15 +150,15 @@ protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage
                 // If the token is scoped, verify that required permission is set in the scope claim.
                 if (ClaimsPrincipal.Current.FindFirst(scopeClaimType) != null && ClaimsPrincipal.Current.FindFirst(scopeClaimType).Value != "user_impersonation")
                 {
-                    HttpResponseMessage response = BuildResponseErrorMessage(HttpStatusCode.Forbidden);
+                    HttpResponseMessage response = this.BuildResponseErrorMessage(HttpStatusCode.Forbidden);
                     return response;
                 }
 
                 return await base.SendAsync(request, cancellationToken);
             }
             catch (SecurityTokenValidationException)
             {
-                HttpResponseMessage response = BuildResponseErrorMessage(HttpStatusCode.Unauthorized);
+                HttpResponseMessage response = this.BuildResponseErrorMessage(HttpStatusCode.Unauthorized);
                 return response;
             }
             catch (Exception)
diff --git a/TodoListService-ManualJwt/TodoListService-ManualJwt.csproj b/TodoListService-ManualJwt/TodoListService-ManualJwt.csproj
@@ -46,20 +46,31 @@
       <HintPath>..\packages\Antlr.3.5.0.2\lib\Antlr3.Runtime.dll</HintPath>
     </Reference>
     <Reference Include="Microsoft.CSharp" />
-    <Reference Include="Microsoft.IdentityModel.Protocol.Extensions, Version=1.0.40306.1554, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\Microsoft.IdentityModel.Protocol.Extensions.1.0.4.403061554\lib\net45\Microsoft.IdentityModel.Protocol.Extensions.dll</HintPath>
+    <Reference Include="Microsoft.IdentityModel.JsonWebTokens, Version=5.2.4.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.JsonWebTokens.5.2.4\lib\net45\Microsoft.IdentityModel.JsonWebTokens.dll</HintPath>
     </Reference>
-    <Reference Include="Newtonsoft.Json, Version=6.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
-      <SpecificVersion>False</SpecificVersion>
-      <HintPath>..\packages\Newtonsoft.Json.6.0.5\lib\net45\Newtonsoft.Json.dll</HintPath>
+    <Reference Include="Microsoft.IdentityModel.Logging, Version=5.2.4.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Logging.5.2.4\lib\net45\Microsoft.IdentityModel.Logging.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Protocols, Version=5.2.4.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Protocols.5.2.4\lib\net45\Microsoft.IdentityModel.Protocols.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=5.2.4.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Protocols.OpenIdConnect.5.2.4\lib\net45\Microsoft.IdentityModel.Protocols.OpenIdConnect.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.IdentityModel.Tokens, Version=5.2.4.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.IdentityModel.Tokens.5.2.4\lib\net45\Microsoft.IdentityModel.Tokens.dll</HintPath>
+    </Reference>
+    <Reference Include="Newtonsoft.Json, Version=10.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed, processorArchitecture=MSIL">
+      <HintPath>..\packages\Newtonsoft.Json.10.0.1\lib\net45\Newtonsoft.Json.dll</HintPath>
     </Reference>
     <Reference Include="System" />
     <Reference Include="System.Data" />
     <Reference Include="System.Data.Entity" />
     <Reference Include="System.Drawing" />
     <Reference Include="System.IdentityModel" />
-    <Reference Include="System.IdentityModel.Tokens.Jwt, Version=4.0.40306.1554, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\packages\System.IdentityModel.Tokens.Jwt.4.0.4.403061554\lib\net45\System.IdentityModel.Tokens.Jwt.dll</HintPath>
+    <Reference Include="System.IdentityModel.Tokens.Jwt, Version=5.2.4.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\System.IdentityModel.Tokens.Jwt.5.2.4\lib\net45\System.IdentityModel.Tokens.Jwt.dll</HintPath>
     </Reference>
     <Reference Include="System.Net.Http.Formatting, Version=5.2.4.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.AspNet.WebApi.Client.5.2.4\lib\net45\System.Net.Http.Formatting.dll</HintPath>
diff --git a/TodoListService-ManualJwt/Web.config b/TodoListService-ManualJwt/Web.config
@@ -18,7 +18,6 @@
     <compilation debug="true" targetFramework="4.5" />
     <httpRuntime targetFramework="4.5" />
   </system.web>
-
   <runtime>
     <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
       <dependentAssembly>
@@ -35,7 +34,7 @@
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
+        <bindingRedirect oldVersion="0.0.0.0-10.0.0.0" newVersion="10.0.0.0" />
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="System.Net.Http.Formatting" publicKeyToken="31bf3856ad364e35" culture="neutral" />
@@ -57,6 +56,10 @@
         <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
         <bindingRedirect oldVersion="1.0.0.0-5.2.4.0" newVersion="5.2.4.0" />
       </dependentAssembly>
+      <dependentAssembly>
+        <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" />
+        <bindingRedirect oldVersion="0.0.0.0-5.2.4.0" newVersion="5.2.4.0" />
+      </dependentAssembly>
     </assemblyBinding>
   </runtime>
   <system.webServer>
@@ -67,4 +70,4 @@
       <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
     </handlers>
   </system.webServer>
-</configuration>
+</configuration>
diff --git a/TodoListService-ManualJwt/packages.config b/TodoListService-ManualJwt/packages.config
@@ -12,11 +12,15 @@
   <package id="Microsoft.AspNet.WebApi.HelpPage" version="5.2.4" targetFramework="net45" />
   <package id="Microsoft.AspNet.WebApi.WebHost" version="5.2.4" targetFramework="net45" />
   <package id="Microsoft.AspNet.WebPages" version="3.2.4" targetFramework="net45" />
-  <package id="Microsoft.IdentityModel.Protocol.Extensions" version="1.0.4.403061554" targetFramework="net45" />
+  <package id="Microsoft.IdentityModel.JsonWebTokens" version="5.2.4" targetFramework="net45" />
+  <package id="Microsoft.IdentityModel.Logging" version="5.2.4" targetFramework="net45" />
+  <package id="Microsoft.IdentityModel.Protocols" version="5.2.4" targetFramework="net45" />
+  <package id="Microsoft.IdentityModel.Protocols.OpenIdConnect" version="5.2.4" targetFramework="net45" />
+  <package id="Microsoft.IdentityModel.Tokens" version="5.2.4" targetFramework="net45" />
   <package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net45" />
   <package id="Modernizr" version="2.8.3" targetFramework="net45" />
-  <package id="Newtonsoft.Json" version="6.0.5" targetFramework="net45" />
+  <package id="Newtonsoft.Json" version="10.0.1" targetFramework="net45" />
   <package id="Respond" version="1.4.2" targetFramework="net45" />
-  <package id="System.IdentityModel.Tokens.Jwt" version="4.0.4.403061554" targetFramework="net45" />
+  <package id="System.IdentityModel.Tokens.Jwt" version="5.2.4" targetFramework="net45" />
   <package id="WebGrease" version="1.6.0" targetFramework="net45" />
 </packages>
