stackoom
  简体   繁体   中英

How to validate JWT Token in aspnet.core web api?

 原文  2018-08-21 07:33:00       c#/ .net-core/ asp.net-web-api2/ asp.net-core-2.0/ asp.net-core-webapi

Question

I have created custom middleware class which validates the JWT token. I am calling this method before app.AddMvc() in configure method. ***

I would like to know what are the things that I should add to Configuration services to authenticate my web API using JWT? I have added [Authorize] in my Controller class

Do I need to call my middleware class which validates the JWT token first in Configure method? or I should call App.UseAuthentication() I am using the following order : 

 app.UseAuthentication();
 app.MessageHandlerMiddleware();
 app.UseMvc();

I am new to .net web API implementation. Could you please help me out?

1 answers

solution1
 2  2018-10-15 18:42:09

From one of my answers you can see how we pass JWT token and how the code looks for classic .NET (non-core) ASP.NET WebAPI 2.

There are not many differences, the code for ASP.NET Core looks similar.

The key aspect is - when you add JWT config in Startup the app handles validation automatically . 

services
    .AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(x =>
    {
        x.RequireHttpsMetadata = false;
        x.SaveToken = true;
        x.TokenValidationParameters = new TokenValidationParameters()
        {
            ValidateIssuerSigningKey = true,
            ValidateLifetime = true,
            IssuerSigningKey = _configuration.GetSymmetricSecurityKey(),
            ValidAudience = _configuration.GetValidAudience(),
            ValidIssuer = _configuration.GetValidIssuer()
        };
    });

(use the above link to see the implementation of GetSymmetricSecurityKey , GetValidAudience , GetValidIssuer ext. methods)

Also very important part: 

services.AddAuthorization(auth =>
{
    auth
    .AddPolicy(
        _configuration.GetDefaultPolicy(),
        new AuthorizationPolicyBuilder()
            .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme‌​)
            .RequireAuthenticatedUser().Build()
    );
});

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question AspNet.Core, IdentityServer 4: Unauthorized (401) during websocket handshake with SignalR 1.0 using JWT bearer token How to convert MessageHandler in .NetFramework to AspNet.Core How to send an HTTP 4xx-5xx response with CORS headers in an ASPNET.Core web app? How Jwt token issued by IdentiyServer is validate in Web Api Application How can i read EXIF data in AspNet.Core How to store JWT Token in authorization header in Aspnet Core ASPNet.Core HostingEnvironment for Integration Tests? aspnet core jwt token as get param AspNet WebApi core JWT token not Authenticating How to Validate Token JWT Token that it comes from the same User in Web API C#
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM