stackoom
  简体   繁体   中英

Can't get JWT based security in .NET Core 3.0 working

 原文  2019-07-20 19:55:59       c#/ .net-core/ jwt/ .net-core-3.0

Question

According to MSDN , I'm supposed to be able to use the following. 

services.AddAuthentication()
  .AddIdentityServerJwt();

This doesn't work because AddIdentityServerJwt seem not to be there. Also, I'm not sure if I want to go hand in hand with IdentityServer at this moment at all.

I haven't found any tutorials or blogs discussing security for an SPA based on backend in .NET Core 3.0 that wouldn't be a direct referrer to the link above (hence relying in the Identity Server). Probably because it such a cutting edge tech at the moment. The migration manual from 2.2 to 3.0 is not exhausting and I also suspect that it might be inaccurate .

In previous version, I'd declare a default scheme and configure the token validation in the Startup.cs file. However, now, it seems like all the cheese has been moved around in Core 3.

How should I configure the (simplest possible) security using JWT and (most preferably) avoiding Identity Server? 

public void ConfigureServices(IServiceCollection services)
{
  ...
  services.AddAuthentication();
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
  ...
  //app.UseRouting();
  app.UseAuthentication();
  //app.UseAuthorization();
  //app.UseEndpoints(e => e.MapControllers());
}

This produces different variations of the following error in Swagger.

No authenticationScheme was specified, and there was no DefaultChallengeScheme found.

1 answers

solution1
 1 ACCPTED  2019-07-20 21:21:15

The missing part is that right after calling AddAuthentication , you also need to explicitly "optin" into JWT bearer: 

public void ConfigureServices(IServiceCollection services)
{
  ...
  services
    .AddAuthentication()
    .AddJwtBearer();
}

At the moment, that operation requires a manual installation of the extension methods as shown [here](Install-Package Microsoft.AspNetCore.Authentication.JwtBearer -Version 3.0.0-preview6.19307.2).

Install-Package Microsoft.AspNetCore.Authentication.JwtBearer -Version 3.0.0-preview6.19307.2

The documentation for Core 3.0 covering the method, redirects at the moment to its counterpart for Core 2.2 and may be updated or removed at any time, due to the preview state.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Claims Identity .NET CORE 3.0 API JWT Asp.net Core 3.0 CORS not working based on official documentation ASP.NET Core 3.0 Role Based Authorization not working Authentication based on JWT token bearer fails under .NET Core 2.2 after move from 3.0 Can't get claims from JWT token with ASP.NET Core Jwt Code not working on .NET Core 2 JWT doesn't get stored in ASP.NET Core with Blazor Can't access Roles in JWT Token .NET Core Can't restrict the lifetime of a JWT token in .NET Core Can't access User Secrets in ASP.net core 3.0
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM