From 005c0ce7f13b246f17ee044ee47b2835d978efc6 Mon Sep 17 00:00:00 2001
From: kellyyangsong <69649063+kellyyangsong@users.noreply.github.com>
Date: Thu, 26 Sep 2024 16:24:54 -0700
Subject: [PATCH] Make CaseSensitiveClaimIdentity serializable (#2850)
* make CaseSensitiveClaimsIdentity serializable (and also have to make SecurityToken serializable)
* add unit test
---
.../CaseSensitiveClaimsIdentity.cs | 1 +
.../SecurityToken.cs | 1 +
.../CaseSensitiveClaimsIdentityTests.cs | 32 ++++++++++++++++++-
3 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/src/Microsoft.IdentityModel.Tokens/CaseSensitiveClaimsIdentity.cs b/src/Microsoft.IdentityModel.Tokens/CaseSensitiveClaimsIdentity.cs
index 779dce8c17..09c6deff98 100644
--- a/src/Microsoft.IdentityModel.Tokens/CaseSensitiveClaimsIdentity.cs
+++ b/src/Microsoft.IdentityModel.Tokens/CaseSensitiveClaimsIdentity.cs
@@ -12,6 +12,7 @@ namespace Microsoft.IdentityModel.Tokens
///
/// A derived where claim retrieval is case-sensitive. The current retrieves claims in a case-insensitive manner which is different than querying the underlying . The provides consistent retrieval logic between the and .
///
+ [Serializable]
public class CaseSensitiveClaimsIdentity : ClaimsIdentity
{
///
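Review bot: `[Serializable]` on `CaseSensitiveClaimsIdentity` opts every instance field into formatter-based serialization. Going by the commit message, one of those fields references a `SecurityToken`, so the raw token would travel with the identity into any session store or cache that serializes it. If the token is not needed after a round trip, excluding it keeps a bearer credential out of persisted state; on an auto-property that is `[field: NonSerialized]`. The class body lies outside this hunk, so the actual field layout should be confirmed there. I would also add a `<remarks>` line to the XML doc stating which members survive serialization and that serialized identities should only be read back from trusted storage.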
diff --git a/src/Microsoft.IdentityModel.Tokens/SecurityToken.cs b/src/Microsoft.IdentityModel.Tokens/SecurityToken.cs
index f0e2c7be55..afeecf257d 100644
--- a/src/Microsoft.IdentityModel.Tokens/SecurityToken.cs
+++ b/src/Microsoft.IdentityModel.Tokens/SecurityToken.cs
@@ -11,6 +11,7 @@ namespace Microsoft.IdentityModel.Tokens
///
/// Base class for security token.
///
+ [Serializable]
public abstract class SecurityToken : ISafeLogSecurityArtifact
{
internal virtual IEnumerable CreateClaims(string issuer)
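Review bot: `SerializableAttribute` is not inherited, so marking the abstract `SecurityToken` here does not make any concrete token type serializable. A formatter that meets an unmarked derived instance would presumably fail at run time rather than at compile time. Nothing in this patch marks the derived types, so it is worth checking which token classes can sit behind `CaseSensitiveClaimsIdentity` and either marking them or excluding the reference from serialization. A short doc line on the class would make the contract explicit, for example `/// <remarks>Marked serializable so identities referencing a token can be serialized; derived types must opt in separately.</remarks>`. The class body continues outside this hunk.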
diff --git a/test/Microsoft.IdentityModel.Tokens.Tests/CaseSensitiveClaimsIdentityTests.cs b/test/Microsoft.IdentityModel.Tokens.Tests/CaseSensitiveClaimsIdentityTests.cs
index 8d93bb3651..0270080cff 100644
--- a/test/Microsoft.IdentityModel.Tokens.Tests/CaseSensitiveClaimsIdentityTests.cs
+++ b/test/Microsoft.IdentityModel.Tokens.Tests/CaseSensitiveClaimsIdentityTests.cs
@@ -1,10 +1,13 @@
-// Copyright (c) Microsoft Corporation.
+// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
using System;
using System.Collections.Generic;
+using System.IO;
using System.Linq;
using System.Security.Claims;
+using System.Text.Json;
+using System.Text.Json.Serialization;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.TestUtils;
using Newtonsoft.Json.Linq;
@@ -214,6 +217,33 @@ public static TheoryData GetCaseSensitive
}
}
+ [Fact]
+ public void CaseSensitiveClaimsIdentity_IsSerializableTest()
+ {
+ // arrange
+ CaseSensitiveClaimsIdentity claimsIdentity = (CaseSensitiveClaimsIdentity)CreateCaseSensitiveClaimsIdentity(new JObject
+ {
+ [UpperCaseClaimName] = LowerCaseClaimValue,
+ });
+ CaseSensitiveClaimsIdentity deserializedClaimsIdentity;
+
+ // act
+ var memoryStream = new MemoryStream();
+ var serializerOptions = new JsonSerializerOptions()
+ {
+ ReferenceHandler = ReferenceHandler.IgnoreCycles
+ };
+
+ JsonSerializer.Serialize(memoryStream, claimsIdentity, typeof(CaseSensitiveClaimsIdentity), serializerOptions);
+ memoryStream.Seek(0, SeekOrigin.Begin);
+ deserializedClaimsIdentity = (CaseSensitiveClaimsIdentity)JsonSerializer.Deserialize(memoryStream, typeof(CaseSensitiveClaimsIdentity), serializerOptions);
+
+ // assert
+ Assert.NotNull(deserializedClaimsIdentity);
+ Assert.Equal(claimsIdentity.NameClaimType, deserializedClaimsIdentity.NameClaimType);
+ Assert.Equal(claimsIdentity.RoleClaimType, deserializedClaimsIdentity.RoleClaimType);
+ }
+
public class CaseSensitiveClaimsIdentityTheoryData(string testId) : TheoryDataBase(testId)
{
internal ClaimsIdentity ClaimsIdentity { get; set; }
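Review bot: The new test round-trips through `System.Text.Json`, which does not consult `[Serializable]`, so it would pass equally well without the attribute this commit adds and does not exercise formatter-based serialization. The assertions stop at `NameClaimType` and `RoleClaimType`; the claim added in the arrange step and the token reference are never compared, so a round trip that drops them still passes. A direct check such as `Assert.True(Attribute.IsDefined(typeof(CaseSensitiveClaimsIdentity), typeof(SerializableAttribute)));` would tie the test to the change, and an assertion on the deserialized claims would show what actually survives. `memoryStream` is also never disposed; `using var memoryStream = new MemoryStream();` covers that.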