What might the reason be that I get the exception below when trying to validate a token.
TokenValidationParameters validationParameters = new TokenValidationParameters();
validationParameters.ValidIssuers = new List<string>() { "http://www.company.com" };
validationParameters.IssuerSigningToken = new RsaSecurityToken(
(System.Security.Cryptography.RSACryptoServiceProvider) Certificate.Get().PublicKey.Key);
SecurityToken securityToken = null;
var claimsPrincipal =
(FederatedAuthentication
.FederationConfiguration
.IdentityConfiguration
.SecurityTokenHandlers
.First() as JwtSecurityTokenHandler)
.ValidateToken(tokenString, validationParameters, out securityToken);
Error:
IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier:
'SecurityKeyIdentifier
(
IsReadOnly = False,
Count = 2,
Clause[0] = X509ThumbprintKeyIdentifierClause(
Hash = 0x6B7ACC520305BFDB4F7252DAEB2177CC091FAAE1),
Clause[1] = System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause
)
',
token: '{"typ":"JWT","alg":"RS256","
From the error, I think you need to add an x509 Security key or credentials, something like this:
var credentials = new X509CertificateCredentials(
Certificate.Get(),
new SecurityKeyIdentifier(
new NamedKeySecurityKeyIdentifierClause(
"kid",
"6B7ACC520305BFDB4F7252DAEB2177CC091FAAE1")));
eg this part:
new SecurityKeyIdentifier(
new NamedKeySecurityKeyIdentifierClause(
"kid",
"6B7ACC520305BFDB4F7252DAEB2177CC091FAAE1")
Also, make sure your certificate is installed in your root store.