stonetip · August 29, 2015 13:55 · Feb 2, 2014 · Feb 2, 2014 · Jan 31, 2014
diff --git a/TokenValidationHandler → TokenValidationHandler.cs b/TokenValidationHandler → TokenValidationHandler.cs
diff --git a/TokenValidationHandler b/TokenValidationHandler
@@ -34,8 +34,7 @@ internal class TokenValidationHandler : DelegatingHandler
         }
     }
 
-    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request,
-        CancellationToken cancellationToken)
+    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
     {
         string token;
 

diff --git a/TokenValidationHandler b/TokenValidationHandler
@@ -0,0 +1,114 @@
+internal class TokenValidationHandler : DelegatingHandler
+{
+    // This function retrieves ACS token (in format of OAuth 2.0 Bearer Token type) from 
+    // the Authorization header in the incoming HTTP request from the client.
+    private static bool TryRetrieveToken(HttpRequestMessage request, out string token)
+    {
+        try
+        {
+            token = null;
+            IEnumerable<string> authHeaders;
+
+            request.Headers.TryGetValues("Authorization", out authHeaders);
+
+            var authHeadersList = authHeaders.ToList();
+
+            if (authHeadersList.Count() != 1)
+            {
+                // Fail if no Authorization header or more than one Authorization headers 
+                // are found in the HTTP request 
+                return false;
+            }
+
+            token = authHeadersList.FirstOrDefault();
+
+            return true;
+        }
+        catch (Exception err)
+        {
+            Debug.WriteLine(err.Message);
+
+            token = null;
+
+            return false;
+        }
+    }
+
+    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request,
+        CancellationToken cancellationToken)
+    {
+        string token;
+
+        if (!TryRetrieveToken(request, out token))
+        {
+            return
+                Task<HttpResponseMessage>.Factory.StartNew(
+                    () => new HttpResponseMessage(HttpStatusCode.Unauthorized), cancellationToken);
+        }
+
+        try
+        {
+            // Use JwtSecurityTokenHandler to validate the JWT token
+            var tokenHandler = new JwtSecurityTokenHandler();
+
+            var convertedSecret = EncodeSigningToken(ConfigurationManager.AppSettings["ClientSecret"]);
+
+            // Set the expected properties of the JWT token in the TokenValidationParameters
+            var validationParameters = new TokenValidationParameters()
+            {
+                AllowedAudience = ConfigurationManager.AppSettings["AllowedAudience"],
+                ValidIssuer = ConfigurationManager.AppSettings["Issuer"],
+                SigningToken = new BinarySecretSecurityToken(convertedSecret)
+            };
+
+            Thread.CurrentPrincipal = tokenHandler.ValidateToken(token, validationParameters);
+
+            if (HttpContext.Current != null)
+            {
+                HttpContext.Current.User = Thread.CurrentPrincipal;
+            }
+
+            // Treat as ClaimsPrincipal, extract JWT expiration and inject it into request headers
+            var cp = (ClaimsPrincipal)Thread.CurrentPrincipal;
+
+            request.Headers.Add("JWT-Expiration", cp.FindFirst("exp").Value);
+
+            return base.SendAsync(request, cancellationToken);
+        }
+        catch (SecurityTokenValidationException stvErr)
+        {
+            Debug.WriteLine(stvErr.Message);
+
+            return Task.FromResult(new HttpResponseMessage(HttpStatusCode.Unauthorized));
+        }
+        catch (Exception err)
+        {
+            Debug.WriteLine(err.Message);
+
+            return Task.FromResult((new HttpResponseMessage(HttpStatusCode.InternalServerError)));
+        }
+    }
+
+
+    public static byte[] StrToByteArray(string str)
+    {
+        var encoding = new UTF8Encoding();
+        return encoding.GetBytes(str);
+    }
+
+    public static byte[] EncodeSigningToken(string token)
+    {
+        try
+        {
+            var sha256 = new SHA256Managed();
+            var secretBytes = StrToByteArray(token + "JWTSig");
+            var signingKey = sha256.ComputeHash(secretBytes);
+
+            return signingKey;
+        }
+        catch (Exception)
+        {
+            return null;
+        }
+    }
+}