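/// <summary>
/// Web API message handler that validates the JWT carried as a bearer token in the
/// Authorization header and, on success, installs the resulting principal for the
/// rest of the pipeline. Requests that carry no bearer token are passed through
/// unauthenticated so that downstream authorization (e.g. an Authorize filter) can
/// reject them; requests whose token fails validation are answered with 401.
/// </summary>
public class JwtMessageHandler : DelegatingHandler
{
    private const string BearerScheme = "Bearer";

    // Built once per process: the original read the signing certificate from disk
    // and rebuilt the validation parameters on every request. The certificate,
    // audience and issuer are the trust anchors of the check - a token that is not
    // signed by this certificate, or not addressed to this relying party, is
    // rejected. The bracketed values are placeholders that must be replaced with the
    // real relying-party and federation-service identifiers before deployment.
    private static readonly TokenValidationParameters s_validationParameters = CreateValidationParameters();

    /// <summary>
    /// Validates the bearer token (if any) on <paramref name="request"/> and forwards
    /// the request to the inner handler.
    /// </summary>
    /// <param name="request">The incoming HTTP request.</param>
    /// <param name="cancellationToken">Cancellation token flowed to the inner handler.</param>
    /// <returns>
    /// The inner handler's response, or a 401 response when a bearer token is present
    /// but does not validate.
    /// </returns>
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        // The original dereferenced request.Headers.Authorization unconditionally, so
        // any anonymous request (no Authorization header) crashed with a
        // NullReferenceException. Treat "no bearer token" as "unauthenticated" and
        // let the rest of the pipeline decide whether that is acceptable.
        var authorization = request.Headers.Authorization;
        if (authorization == null
            || !string.Equals(authorization.Scheme, BearerScheme, StringComparison.OrdinalIgnoreCase)
            || string.IsNullOrWhiteSpace(authorization.Parameter))
        {
            return base.SendAsync(request, cancellationToken);
        }

        ClaimsPrincipal principal;
        try
        {
            var handler = new JwtSecurityTokenHandler();
            principal = handler.ValidateToken(authorization.Parameter, s_validationParameters);
        }
        catch (SecurityTokenException)
        {
            // Signature, issuer or audience check failed: answer 401 instead of
            // letting the exception surface as a 500 (which also leaks the failure
            // reason in the error page).
            return Task.FromResult(CreateUnauthorizedResponse(request));
        }
        catch (ArgumentException)
        {
            // The parameter is not a well-formed JWT at all.
            return Task.FromResult(CreateUnauthorizedResponse(request));
        }

        // HttpContext.Current is null when self-hosted outside IIS; only the thread
        // principal is available there.
        var httpContext = HttpContext.Current;
        if (httpContext != null)
        {
            httpContext.User = principal;
        }
        Thread.CurrentPrincipal = principal;

        return base.SendAsync(request, cancellationToken);
    }

    // Loads the ADFS signing certificate and binds it, with the expected audience and
    // issuer, into the parameters used for every validation.
    private static TokenValidationParameters CreateValidationParameters()
    {
        var signingCertificate = new X509Certificate2(@"c:\temp\ADFS Signing.cer");
        return new TokenValidationParameters
        {
            SigningToken = new X509SecurityToken(signingCertificate),
            AllowedAudience = "[relyingparty identifier]",
            ValidIssuer = "[Federation Service identifier]"
        };
    }

    // A bare 401 tied to the originating request; no detail about why the token was
    // rejected is returned to the caller.
    private static HttpResponseMessage CreateUnauthorizedResponse(HttpRequestMessage request)
    {
        return new HttpResponseMessage(HttpStatusCode.Unauthorized) { RequestMessage = request };
    }
}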
The JwtMessageHandler is registered in global.asax:
/// <summary>
/// ASP.NET application class; adds the JWT message handler to the global Web API
/// pipeline so that it runs for every request.
/// </summary>
public class WebApiApplication : System.Web.HttpApplication
{
    /// <summary>Runs once when the application starts.</summary>
    protected void Application_Start()
    {
        // other configuration
        var configuration = GlobalConfiguration.Configuration;
        var jwtHandler = new JwtMessageHandler();
        configuration.MessageHandlers.Add(jwtHandler);
    }
}