Class WebOAuthSecurityServiceElement
Represents a configuration element containing information about how service validates an access token issued by OAuth/OpenID Connect server and received from a client application.
Inherited Members
Namespace: Nevatech.Vsb.Repository.Security.OAuth
Assembly: Nevatech.Vsb.Repository.dll
Syntax
public sealed class WebOAuthSecurityServiceElement : ConfigurationElementConstructors
WebOAuthSecurityServiceElement()
Declaration
public WebOAuthSecurityServiceElement()Properties
AdditionalParameters
Gets or sets the Url-encoded, ampersand-separated list of additional query or form parameters to be submitted with the token validation request. Parameters are set as URI query parameters, if token parameter type is set to QueryParameter or HttpHeader, or as Forms parameter in the message body, if token parameter type is set to FormParameter.
Declaration
[ConfigurationProperty("tokenParameters")]
public string AdditionalParameters { get; set; }Property Value
| Type | Description |
|---|---|
| string |
Audiences
Gets the access token's valid audiences/recipients names. If empty then token audience is not validated.
Declaration
[ConfigurationProperty("audiences")]
public ValueElementCollection Audiences { get; }Property Value
| Type | Description |
|---|---|
| ValueElementCollection |
AuthorizationHeaderValue
Gets or sets the Authorization header value to be passed with the token validation request. If not provided then header is not sent at all. If token parameter type is set to HttpHeader and token parameter name is set to "Authorization" then this value will not be used (token value takes precedence).
Declaration
[ConfigurationProperty("tokenAuthorizationHeader")]
public string AuthorizationHeaderValue { get; set; }Property Value
| Type | Description |
|---|---|
| string |
CacheLifetime
Gets or sets the caching time of a token validation result. This property applies to Reference token validation only. Default is one hour.
Declaration
[ConfigurationProperty("cacheLifetime", DefaultValue = "01:00:00")]
public TimeSpan CacheLifetime { get; set; }Property Value
| Type | Description |
|---|---|
| TimeSpan |
IsTokenRequired
Gets or sets flag indicating that access token must be present in the request message. If token is missing than message will be rejected.
Declaration
[ConfigurationProperty("requireToken", DefaultValue = true)]
public bool IsTokenRequired { get; set; }Property Value
| Type | Description |
|---|---|
| bool |
Issuers
Gets the access token's valid issuer names. If empty then token issuer is not validated.
Declaration
[ConfigurationProperty("issuers")]
public ValueElementCollection Issuers { get; }Property Value
| Type | Description |
|---|---|
| ValueElementCollection |
Properties
Gets collection of configuration element properties.
Declaration
protected override ConfigurationPropertyCollection Properties { get; }Property Value
| Type | Description |
|---|---|
| ConfigurationPropertyCollection |
Overrides
SigningCertificateReferences
Gets the X.509 certificate(s) stored in Windows Certificate Store to be used for checking access token's signature. This property is applied to JWT token validation only.
Declaration
[ConfigurationProperty("signingCertificateReferences")]
public X509CertificateReferenceElementCollection SigningCertificateReferences { get; }Property Value
| Type | Description |
|---|---|
| X509CertificateReferenceElementCollection |
SigningCertificates
Gets the base64-encoded X.509 certificate(s) to be used for checking access token's signature. This property is applied to JWT token validation only.
Declaration
[ConfigurationProperty("signingCertificates")]
public X509CertificateElementCollection SigningCertificates { get; }Property Value
| Type | Description |
|---|---|
| X509CertificateElementCollection |
SigningRsaKeys
Gets the RSA public keys to be used for checking access token's signature. This property is applied to JWT token validation only.
Declaration
[ConfigurationProperty("signingRsaKeys")]
public RsaKeyElementCollection SigningRsaKeys { get; }Property Value
| Type | Description |
|---|---|
| RsaKeyElementCollection |
SigningSecrets
Gets the symmetric secret keys to be used for checking access token's signature. This property is applied to JWT token validation only.
Declaration
[ConfigurationProperty("signingSecrets")]
public BinarySecretElementCollection SigningSecrets { get; }Property Value
| Type | Description |
|---|---|
| BinarySecretElementCollection |
TokenFormatString
Gets or sets the format string (for example, "Bearer {0}") to be used to format access token value when calling a token validation endpoint. If not set then value is passed as is.
Declaration
[ConfigurationProperty("tokenFormatString")]
public string TokenFormatString { get; set; }Property Value
| Type | Description |
|---|---|
| string |
TokenParameterName
Gets or sets the name of the URI query parameter, form parameter, or HTTP header providing the access token value when calling a token validation endpoint. Default is "access_token".
Declaration
[ConfigurationProperty("tokenParameterName")]
public string TokenParameterName { get; set; }Property Value
| Type | Description |
|---|---|
| string |
TokenParameterType
Gets or sets the method of sending an access token value when calling a token validation endpoint. Default is a form parameter.
Declaration
[ConfigurationProperty("tokenParameterType")]
public ParameterType TokenParameterType { get; set; }Property Value
| Type | Description |
|---|---|
| ParameterType |
TokenType
Gets or sets the type of access token that dictates the validation procedure. JWT tokens are validated locally by checking the digital signature. Reference tokens are validated by calling a token validation endpoint and passing the received token as a parameter.
Declaration
[ConfigurationProperty("tokenType")]
public AccessTokenType TokenType { get; set; }Property Value
| Type | Description |
|---|---|
| AccessTokenType |
TokenValidationEndpoint
Gets or sets the URI to OAuth token validation endpoint or user info endpoint. This endpoint is used to validate reference access tokens received from the client. If not set and reference token type is used then endpoint address is extracted from the authorization service metadata by querying OpenID Connect Discovery endpoint.
Declaration
[ConfigurationProperty("tokenValidationEndpoint")]
public Uri TokenValidationEndpoint { get; set; }Property Value
| Type | Description |
|---|---|
| Uri |
TokenValidationTimeout
Gets or sets the token validation request timeout. This property applies to Reference token validation only. Default is one minute.
Declaration
[ConfigurationProperty("validationTimeout", DefaultValue = "00:01:00")]
public TimeSpan TokenValidationTimeout { get; set; }Property Value
| Type | Description |
|---|---|
| TimeSpan |
Methods
Copy(WebOAuthSecurityServiceElement)
Copies the content of the specified configuration element to this configuration element.
Declaration
public void Copy(WebOAuthSecurityServiceElement from)Parameters
| Type | Name | Description |
|---|---|---|
| WebOAuthSecurityServiceElement | from | The configuration element to be copied. |
GetSecurityKeys()
Creates collection of security keys that are specified in this configuration element.
Declaration
[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope")]
[SuppressMessage("Microsoft.Design", "CA1024:UsePropertiesWhereAppropriate")]
public IList<SecurityKey> GetSecurityKeys()Returns
| Type | Description |
|---|---|
| IList<SecurityKey> | Collection of security keys that are specified in this configuration element. |