How can I encrypt JWT Token in Web Api C#?
Question
My Jwt Token looks like below:
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9leGFtcGxlLm9yZyIsImF1ZCI6Imh0dHA6XC9cL2V4YW1wbGUuY29tIiwiaWF0IjoxMzU2OTk5NTI0LCJuYmYiOjEzNTcwMDAwMDAsImV4cCI6MTQwNzAxOTYyOSwianRpIjoiaWQxMjM0NTYiLCJ0eXAiOiJodHRwczpcL1wvZXhhbXBsZS5jb21cL3JlZ2lzdGVyIiwidGVzdC10eXBlIjoiZm9vIn0.UGLFIRACaHpGGIDEEv-4IIdLfCGXT62X1vYx7keNMyc
If I Copy the above JWT token and paste it in https://jwt.io/ then the actual information is showing like this
I want to encrypt the JWT token with no one can access my information in Web Api. So, I want to use any encryption algorithm, If so please provide me proper solution
Here is my Startup.cs file to authorize JWT Token.
// Api controllers with an [Authorize] attribute will be validated with JWT
app.UseJwtBearerAuthentication(
new JwtBearerAuthenticationOptions
{
AuthenticationMode = AuthenticationMode.Active,
AllowedAudiences = new[] { audience },
IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
{
new SymmetricKeyIssuerSecurityTokenProvider(issuer, secret)
}
});
}
1 answers
solution1
2 ACCPTED 2016-06-14 08:57:59
Why exactly do you think that it is a problem that someone can see this information? If you are using JWT for authentication, then it's only the user who was just authenticated will get this token and it probably contains the information about this user. So it does not hurt for a user to be able to see information about himself.
Most importantly the token is mac'ed so that no one can forge it and pretend to be another user and that should be sufficient.
And as mentioned in the comments you should be using TLS anyway, so it's encrypted in the transition.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.