Use both Windows authentication and bearer tokens in one web API

I am trying to build a web API in .NET Core 3.1 which first tries to get a bearer token through Windows authentication and then uses this token to authenticate further requests.

It seems that it is not allowed to use both Windows authentication and bearer in a single web API. I want to have two controllers, of which one uses Windows authentication and another uses bearer authentication. This is my controller method:

[HttpGet]
[Route("api/token")]       
[Authorize(AuthenticationSchemes = "Windows")]
public async Task<IActionResult> AuthorizeAsync(CancellationToken cancellationToken) 
{
   // Do something
}

This is for my bearer auth scheme:

_services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
    options.RequireHttpsMetadata = false;
    options.SaveToken = true;
    options.TokenValidationParameters = new TokenValidationParameters()
    {
        ValidateIssuerSigningKey = !string.IsNullOrWhiteSpace(tokenProviderOptions.SigningKey),
        IssuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(tokenProviderOptions.SigningKey)),
        ValidateIssuer = !string.IsNullOrWhiteSpace(tokenProviderOptions.Issuer),
        ValidIssuer = tokenProviderOptions.Issuer,
        ValidateAudience = !string.IsNullOrWhiteSpace(tokenProviderOptions.Audience),
        ValidAudience = tokenProviderOptions.Audience,
        RequireExpirationTime = true,
        ValidateLifetime = !string.IsNullOrWhiteSpace(tokenProviderOptions.TokenLifeTime),
        ClockSkew = TimeSpan.FromSeconds(0),
    };
});

And in my startup I add Windows auth:

services.AddAuthentication("Windows").AddNegotiate();

I have read answers saying that you cannot call AddAuthentication twice, since the second call will override the configuration of the first call, but no solution is provided in these questions.

So how can I mix Windows authentication and bearer tokens in one web API?

You can add multiple AuthenticationSchemes, as it is a comma-delimited string property.

[Authorize(AuthenticationSchemes = "Windows,Bearer")]
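
A single registration that serves both schemes, with one endpoint per scheme, as an added example that is not part of the original question or answer. It assumes Kestrel with the Negotiate and JwtBearer packages, where AddNegotiate() registers its handler under the name "Negotiate" (NegotiateDefaults.AuthenticationScheme); the issuer, audience and key are placeholders, and Startup is assumed to call AddControllers(), UseAuthentication() and UseAuthorization().

```csharp
// Added example, not the poster's code. AuthSetup, Issuer, Audience and Key are hypothetical names.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authentication.Negotiate;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public static class AuthSetup
{
    // Placeholder values (assumptions); load the real signing key from a secret store.
    public const string Issuer = "https://api.example.test";
    public const string Audience = "example-api";
    public static readonly SymmetricSecurityKey Key =
        new SymmetricSecurityKey(Encoding.UTF8.GetBytes("placeholder-key-at-least-32-bytes-long!"));

    // Call once from Startup.ConfigureServices: one AddAuthentication, both handlers chained.
    public static void AddApiAuthentication(this IServiceCollection services) =>
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) // default: "Bearer"
            .AddNegotiate()                                                // scheme: "Negotiate"
            .AddJwtBearer(o => o.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true, IssuerSigningKey = Key,
                ValidateIssuer = true, ValidIssuer = Issuer,
                ValidateAudience = true, ValidAudience = Audience,
                ValidateLifetime = true, RequireExpirationTime = true,
                ClockSkew = TimeSpan.Zero
            });
}

[ApiController]
public class TokenController : ControllerBase
{
    [HttpGet("api/token")] // Windows (Negotiate) only: exchanges the Windows identity for a JWT
    [Authorize(AuthenticationSchemes = NegotiateDefaults.AuthenticationScheme)]
    public IActionResult IssueToken()
    {
        var jwt = new JwtSecurityToken(AuthSetup.Issuer, AuthSetup.Audience,
            new[] { new Claim(ClaimTypes.Name, User.Identity.Name) },
            expires: DateTime.UtcNow.AddMinutes(15),
            signingCredentials: new SigningCredentials(AuthSetup.Key, SecurityAlgorithms.HmacSha256));
        return Ok(new JwtSecurityTokenHandler().WriteToken(jwt));
    }
    [HttpGet("api/data")] // Bearer only: a Negotiate handshake is not accepted here
    [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
    public IActionResult Data() => Ok($"Hello {User.Identity.Name}");
}
```

Here the validation flags are fixed to true rather than derived from whether a setting is present, so a missing issuer, audience or key in configuration cannot silently switch a check off.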
