3
votes

I have problem sending jwt token too a wcf service.

Have followed this and it almost works. Delivering a JWT SecurityToken to a WCF client

So i send a GenericXmlSecurityToken as in the link above. And have created the following handler:

public class CustomJwtSecurityTokenHandler : JwtSecurityTokenHandler
{
    public override ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token)
    {
        var jwtToken = (JwtSecurityToken)(token);
        SecurityToken securityToken;
        var principal = ValidateToken(jwtToken.RawData, new TokenValidationParameters(), out securityToken);
        var collection = new ReadOnlyCollection<ClaimsIdentity>(principal.Identities.ToList());
        return collection;
    }

    public override ClaimsPrincipal ValidateToken(string jwt, TokenValidationParameters validationParameters, out SecurityToken token)
    {
        validationParameters.ValidateAudience = false;
        validationParameters.ValidateIssuer = false;

        var certificateBytes = Convert.FromBase64String("long text...");

        validationParameters.IssuerSigningKey = new X509SecurityKey(new X509Certificate2(certificateBytes));

        return base.ValidateToken(jwt, validationParameters, out token);
    }
}

So far everything works the token validates, but after this something happens.

The server throws

System.ServiceModel.Security.MessageSecurityException : Message security verification failed. System.IndexOutOfRangeException: The index was outside the bounds of the array.

StackTrace of innerexception

<StackTrace>
   at System.Xml.XmlBufferReader.GetChars(Int32 offset, Int32 length, Char[] chars)
   at System.Xml.XmlBufferReader.GetString(Int32 offset, Int32 length)
   at System.Xml.StringHandle.GetString()
   at System.Xml.XmlBaseReader.ReadEndElement()
   at System.ServiceModel.Security.ReceiveSecurityHeader.ExecuteFullPass(XmlDictionaryReader reader)
   at System.ServiceModel.Security.ReceiveSecurityHeader.Process(TimeSpan timeout, ChannelBinding channelBinding, ExtendedProtectionPolicy extendedProtectionPolicy)
   at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessageCore(Message&amp; message, TimeSpan timeout)
   at System.ServiceModel.Security.TransportSecurityProtocol.VerifyIncomingMessage(Message&amp; message, TimeSpan timeout)
</StackTrace>
1
Did you ever find out what caused the error? I'm having the exact same problem.Anders Fjeldstad
No, I have no clue :(Spindel
Hi. I turned bald due to this problem. Did you by any chance find a solution?Mickaël Derriey

1 Answers

0
votes

This might be an issue in WCF.

See: How to use JWT tokens with WCF and WIF?

A potential workaround might be to transport the JWT as a claim in a GenericXmlSecurityToken, as proposed by http://leastprivilege.com/2015/07/02/give-your-wcf-security-architecture-a-makeover-with-identityserver3/