Web API Validate JWT Bearer Token from Custom Auth Provider
I've been looking for an example or tutorial for a few hours and thought I should post something at this point.

I'm trying to validate a bearer token from a custom Auth provider inside my .Net 4.7.2 Web Api 2 project. I have a SPA app that gets a bearer token from this auth provider, and sends the bearer token to my WebApi endpoints. I need to turn around and validate the token in each request. I thought there would be a way to point the classes in the Microsoft.Owin.Security.Jwt namespace to validate the token based on the auth provider's well-known discovery information URL.

Has anyone done this before, or can anyone point me towards a good library/documentation/tutorial?

I know I can write my own auth request filter and go out and pull down the public certificate from the auth server and parse the token and validate the signature, but it seems like a horrible idea for me to write that myself vs using the appropriate libraries.
OK, turns out I found a good example here.

The following code sets up our webapi to validate tokens with our custom auth provider while discovering the public key through the OIDC discovery URL.
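```csharp
using System.Threading;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Jwt;
using Owin;

// Runs in the OWIN startup method that receives appBuilder.
var issuer = "https://my-auth-provider-here/";
// Fetch the provider's OIDC discovery document, which points at its signing keys.
IConfigurationManager<OpenIdConnectConfiguration> configurationManager =
    new ConfigurationManager<OpenIdConnectConfiguration>($"{issuer}.well-known/openid-configuration", new OpenIdConnectConfigurationRetriever());
OpenIdConnectConfiguration openIdConfig = configurationManager.GetConfigurationAsync(CancellationToken.None).Result;

appBuilder.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions()
{
    AuthenticationMode = AuthenticationMode.Active,
    TokenValidationParameters = new TokenValidationParameters()
    {
        AuthenticationType = "Bearer",
        ValidIssuer = issuer,
        ValidateAudience = false, // the aud claim is not checked
        IssuerSigningKeys = openIdConfig.SigningKeys // keys as fetched at startup
    }
});
```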
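A stricter variant of the setup above, added here as an example and not part of the original answer: it turns audience validation on and resolves signing keys through the configuration manager on each request, so keys rotated by the provider are picked up without restarting the API. The class name `JwtBearerSetup` and the audience value are assumptions; the audience must match the `aud` claim your provider issues.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Jwt;
using Owin;

public static class JwtBearerSetup // hypothetical class name
{
    private const string Issuer = "https://my-auth-provider-here/";
    private const string ApiAudience = "https://my-api.example/"; // assumed value

    public static void Configure(IAppBuilder appBuilder)
    {
        // Caches the discovery document and re-fetches it on its refresh interval.
        var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
            $"{Issuer}.well-known/openid-configuration",
            new OpenIdConnectConfigurationRetriever());

        appBuilder.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
        {
            AuthenticationMode = AuthenticationMode.Active,
            TokenValidationParameters = new TokenValidationParameters
            {
                AuthenticationType = "Bearer",
                ValidateIssuer = true,
                ValidIssuer = Issuer,
                // Reject tokens the same provider issued for a different API.
                ValidateAudience = true,
                ValidAudience = ApiAudience,
                ValidateLifetime = true,
                RequireSignedTokens = true,
                ClockSkew = TimeSpan.FromMinutes(2),
                // Served from the manager's cache in the normal case; Task.Run
                // keeps the blocking wait off the ASP.NET synchronization context.
                IssuerSigningKeyResolver = (token, securityToken, kid, parameters) =>
                    Task.Run(() => configurationManager.GetConfigurationAsync(CancellationToken.None))
                        .GetAwaiter().GetResult()
                        .SigningKeys
            }
        });
    }
}
```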