Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to get the claims out of a authenticated SecurityToken

Tags:

c#

jwt

identityserver3

I'm passing a token as a string into a SOAP service and have validated that the token is valid. I now have a SecurityToken that in debug mode I can see all the claims and specifically the userId claim I'd like to pass into another method. I can't seem to figure out how to get at the claims. For now I decoded the string version of the token (the none validated string version of the token, I at least waited until after a successful validation.) Here is that code block:

SecurityToken validatedToken = null;

if (VerifyToken(sPassword, ref response, ref validatedToken))
{
    var claimsObj = JObject.Parse(Encoding.UTF8.GetString(Base64Url.Decode(claims)));
    JToken userId = claimsObj.GetValue("userId");
    return implClass.Process(userId);
}

How do I get the claims out of a SecurityToken?

validatedToken.Id; // not it
validatedToken.ToClaimsPrincipal(cert); // doesn't work

Nothing else seemed promising to me as far as exposed properties, but since I can see the claims in the debugger I'm sure there is a way that I'm just not seeing.

like image 576
user2197446 Avatar asked Aug 26 '16 20:08

user2197446

2 Answers

I just experienced the same thing, namely that while debugging, a Payload property is visible on the SecurityToken but there appears to be no Payload property when editing the code.

It looks like the underlying type of the SecurityToken is JwtSecurityToken (despite the QuickWatch of securityCode.GetType() returning SecurityToken, rather than JwtSecurityToken.). Anyway, casting to the actual underlying type and referencing the Payload collection did the trick for me.

One solution:

string userId = ((JwtSecurityToken)access_token).Payload["userId"].ToString();
like image 153
Eric McLachlan Avatar answered Sep 18 '22 15:09

Eric McLachlan

Likely you are seeing the claims because the debugger is using the real type of the object, not the base SecurityToken class. Cast it as the real type, and you should have easier access to the claims.

That, or use a securityTokenHAndler to validate and retrieve out the claim collection.

https://msdn.microsoft.com/en-us/library/system.identitymodel.tokens.securitytokenhandler.validatetoken(v=vs.110).aspx

like image 38
Tim Avatar answered Sep 17 '22 15:09

Tim
Sign in to Comment

Related questions

ItemsControl with WrapPanel as ItemsPanel - combine a "static" child and ItemsSource
Can you use C++ DLLs in C# code in a UWP?
T4 indentation in generated C# code
Why is Visual Studio replacing List<T>.Length with List<T>.Count?
How to compile c# csproj into exe in Visual Studio 2015 - error CS0579
Incorporate Enum.GetName(...) into Linq Query
Making a WPF window click-through, but not its controls
Get the Exact Size of the Zoomed Image inside the Picturebox
How to set Identity Seed value in code-first?
Future of asp.net 4.6 MVC 5
Asyc method using await Task.Run() never "completes"
UWP - How to tile a background image?
.NET State of DB Connection
Entity Framework Database First many-to-many
should the ASP.NET Server Control template exist in Visual Studio 2015 community edition?
Strange Notepad++ HEX-editor plugin
Implementing async/await pattern for manually generated WCF (client-side) proxies
Test Environment.Exit() in C#
How to deal with two libraries that need different versions of an assembly?
Difference between awaiting straight away or awaiting later on

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!