Sending JWT token using WCF service

I have a problem sending a JWT token to a WCF service too.

I followed this up and it almost worked: "Providing JWT SecurityToken to WCF Client".

So, I am sending a GenericXmlSecurityToken like in the above link, and I created the following handler:

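using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;

public class CustomJwtSecurityTokenHandler : JwtSecurityTokenHandler
{
    // Entry point that receives the already-read SecurityToken.
    public override ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token)
    {
        var jwtToken = (JwtSecurityToken)(token);
        SecurityToken securityToken;
        // Re-validate the raw JWT string through the overload below.
        var principal = ValidateToken(jwtToken.RawData, new TokenValidationParameters(), out securityToken);
        var collection = new ReadOnlyCollection<ClaimsIdentity>(principal.Identities.ToList());
        return collection;
    }

    public override ClaimsPrincipal ValidateToken(string jwt, TokenValidationParameters validationParameters, out SecurityToken token)
    {
        // Audience and issuer checks are switched off here: the token is
        // accepted whatever its "aud" and "iss" claims say.
        validationParameters.ValidateAudience = false;
        validationParameters.ValidateIssuer = false;

        // Base64-encoded certificate used to verify the token signature.
        var certificateBytes = Convert.FromBase64String("long text...");

        validationParameters.IssuerSigningKey = new X509SecurityKey(new X509Certificate2(certificateBytes));

        return base.ValidateToken(jwt, validationParameters, out token);
    }
}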

      

So far, everything works with token validation, but after that something happens.

The server throws:

System.ServiceModel.Security.MessageSecurityException : Message security verification failed. System.IndexOutOfRangeException: The index was outside the bounds of the array.

Stack trace of the inner exception:

<StackTrace>
   at System.Xml.XmlBufferReader.GetChars(Int32 offset, Int32 length, Char[] chars)
   at System.Xml.XmlBufferReader.GetString(Int32 offset, Int32 length)
   at System.Xml.StringHandle.GetString()
   at System.Xml.XmlBaseReader.ReadEndElement()
   at System.ServiceModel.Security.ReceiveSecurityHeader.ExecuteFullPass(XmlDictionaryReader reader)
   at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
   at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessageCore(Message& message, TimeSpan timeout)
   at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout)
</StackTrace>

      

+3
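The handler in the question turns off issuer and audience validation. For comparison, here is a variant with those checks enabled, as an added example that is not part of the original post and does not address the MessageSecurityException. The class name, the issuer and audience strings and the certificate constant are placeholders, and the API shape is assumed to be the same 4.x System.IdentityModel.Tokens.Jwt package the question's code uses.

```csharp
using System;
using System.Collections.ObjectModel;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;

// Hypothetical name; keeps a parameterless constructor like the original handler.
public class StrictJwtSecurityTokenHandler : JwtSecurityTokenHandler
{
    // Placeholders (assumptions): the real token issuer and this service's audience.
    private const string ExpectedIssuer = "https://issuer.example";
    private const string ExpectedAudience = "urn:example:wcf-service";
    // Placeholder for the issuer's Base64-encoded signing certificate.
    private const string SigningCertificateBase64 = "<base64 certificate placeholder>";

    public override ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token)
    {
        // Reject anything that is not a JWT instead of failing on a cast.
        var jwtToken = token as JwtSecurityToken;
        if (jwtToken == null)
            throw new SecurityTokenValidationException("Expected a JwtSecurityToken.");

        SecurityToken validated;
        var principal = ValidateToken(jwtToken.RawData, BuildParameters(), out validated);
        return new ReadOnlyCollection<ClaimsIdentity>(principal.Identities.ToList());
    }

    private static TokenValidationParameters BuildParameters()
    {
        var certificate = new X509Certificate2(Convert.FromBase64String(SigningCertificateBase64));
        return new TokenValidationParameters
        {
            // "iss" must match the expected issuer.
            ValidateIssuer = true,
            ValidIssuer = ExpectedIssuer,
            // "aud" must name this service, so tokens minted for other
            // relying parties of the same issuer are rejected.
            ValidateAudience = true,
            ValidAudience = ExpectedAudience,
            // Tokens must carry an expiry and be within their validity window.
            ValidateLifetime = true,
            RequireExpirationTime = true,
            // Unsigned tokens are never accepted.
            RequireSignedTokens = true,
            IssuerSigningKey = new X509SecurityKey(certificate)
        };
    }
}
```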




1 answer


This can be a problem in WCF.

See: How to use JWT tokens with WCF and WIF?



A possible workaround could be porting the JWT as a claim in GenericXmlSecurityToken, as suggested by http://leastprivilege.com/2015/07/02/give-your-wcf-security-architecture-a-makeover-with-identityserver3/

0

