I have a requirement to use AD authentication for a Web API. I implemented it using "WindowsAzureActiveDirectoryBearerAuthenticationOptions", but I am getting the error below at ValidateToken when I call the API from the client:
IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier: 'SecurityKeyIdentifier
(
IsReadOnly = False,
Count = 2,
Clause[0] = X509ThumbprintKeyIdentifierClause(Hash = 0x8818CBD5172ACE18B2E1FA71231759AA884CD989),
Clause[1] = System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause
)
',
token: {-------------------}
What I have tried:
Below is my startup file:
public void Configuration(IAppBuilder app)
{
    // OWIN startup. Middleware runs in registration order, so authentication is
    // registered before Web API, then CORS, then Web API itself.
    var httpConfig = new HttpConfiguration();

    ConfigureAuth(app);
    WebApiConfig.Register(httpConfig);

    // CorsOptions.AllowAll accepts any origin; narrow to the known client origins once they are fixed.
    app.UseCors(CorsOptions.AllowAll);
    app.UseWebApi(httpConfig);
}
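private void ConfigureAuth(IAppBuilder app)
{
    // Certificate selected by the CertificateThumbPrint app setting; GetX509Certificate is
    // defined elsewhere in the project.
    var signingCertificate = GetX509Certificate(ConfigurationManager.AppSettings["CertificateThumbPrint"]);

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(
        new WindowsAzureActiveDirectoryBearerAuthenticationOptions
        {
            TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters
            {
                // NOTE(review): the issuer list is read from the "Audience" setting. Issuer (iss) and
                // audience (aud) are different claims; confirm this setting really holds issuer values.
                ValidIssuers = ConfigurationManager.AppSettings["Audience"].Split(','),
                ValidateIssuer = true,
                SaveSigninToken = false,
                // Fixed: `new` was missing here, so the original did not compile.
                // NOTE(review): this pins signature validation to the app's own certificate. The
                // IDX10500 message shows the token was signed with a key of a different thumbprint
                // (the tenant's signing key, which the middleware normally resolves from the tenant
                // metadata — confirm). Pinning a key the token was not signed with produces exactly
                // that error; drop this line unless the token really is signed with this certificate.
                IssuerSigningKey = new X509AsymmetricSecurityKey(signingCertificate),
            },
            Tenant = ConfigurationManager.AppSettings["Tenant"],
            Provider = new OAuthBearerProvider()
        });
}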
Below is the class where I want to validate the token:
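public class OAuthBearerProvider : OAuthBearerAuthenticationProvider
{
    // Scheme prefix a bearer Authorization header must start with; matched case-insensitively.
    private const string BearerPrefix = "Bearer ";

    /// <summary>
    /// Reads the bearer token from the Authorization header, validates it locally and, on success,
    /// sets the request principal. As in the original, a validation failure is swallowed (see the
    /// catch below) rather than rejecting the request from this method.
    /// </summary>
    /// <param name="context">Request-token context supplied by the bearer middleware.</param>
    /// <returns>A completed task; the context is not otherwise changed.</returns>
    public override Task RequestToken(OAuthRequestTokenContext context)
    {
        try
        {
            var authHeader = context.OwinContext.Request.Headers["Authorization"];

            // Require "Bearer <token>" at the start of the header. The original `Contains("Bearer")`
            // accepted the word anywhere, and `Split(' ')[1]` threw when nothing followed it.
            if (string.IsNullOrWhiteSpace(authHeader)
                || !authHeader.StartsWith(BearerPrefix, StringComparison.OrdinalIgnoreCase))
            {
                return Task.FromResult<object>(context);
            }

            var token = authHeader.Substring(BearerPrefix.Length).Trim();
            if (token.Length == 0)
            {
                return Task.FromResult<object>(context);
            }

            // GetX509Certificate is defined elsewhere in the project.
            var signingCertificate = GetX509Certificate(ConfigurationManager.AppSettings["CertificateThumbPrint"]);
            var validationParameters = new TokenValidationParameters
            {
                ValidateAudience = true,
                ValidAudiences = ConfigurationManager.AppSettings["Audience"].Split(','),
                // NOTE(review): no ValidIssuer/ValidIssuers is set, so issuer validation (on by default
                // in this library — confirm) has nothing to match. The key below is the app's own
                // certificate, while the IDX10500 message shows the token was signed with a key of a
                // different thumbprint; pinning the wrong key yields that error.
                IssuerSigningKey = new X509SecurityKey(signingCertificate),
            };

            var tokenHandler = new JwtSecurityTokenHandler();
            SecurityToken validatedToken;
            var principal = tokenHandler.ValidateToken(token, validationParameters, out validatedToken);
            context.Request.User = principal;
        }
        catch (Exception ex)
        {
            // Best-effort, as in the original: a failed local validation does not reject the request
            // here (the original stored ex.Message in an unused local). The bearer middleware is
            // presumed to run its own validation afterwards — confirm before relying on this.
            // Keep the failure visible to operators instead of discarding it.
            System.Diagnostics.Trace.TraceWarning("Bearer token validation failed: {0}", ex.Message);
        }

        return Task.FromResult<object>(context);
    }

    /// <summary>No additional identity checks are applied; the context passes through unchanged.</summary>
    /// <param name="context">Identity-validation context supplied by the bearer middleware.</param>
    /// <returns>A completed task.</returns>
    public override Task ValidateIdentity(OAuthValidateIdentityContext context)
    {
        return Task.FromResult<object>(context);
    }
}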
I referred to a tutorial on asymmetric RSA256 where a public key is passed as the IssuerSigningToken. Can I assume the public key is the client's app ID? If so, how can I assign it to IssuerSigningToken or IssuerSigningKey in TokenValidationParameters?