c# - JWT on .NET Core 2.0 -


i've been on quite adventure jwt working on dotnet core 2.0 (now reaching final release today). there ton of documentation, sample code seems using deprecated apis , coming in fresh core, it's positively dizzying figure out how it's supposed implemented. tried using jose, app. usejwtbearerauthentication has been deprecated, , there no documentation on next.

does have open source project uses dotnet core 2.0 can parse jwt authorization header , allow me authorize requests hs256 encoded jwt token?

the class below doesn't throw exceptions, no requests authorized, , no indication why unauthorized. responses empty 401's, me indicates there no exception, secret isn't matching.

one odd thing tokens encrypted hs256 algorithm, see no indicator tell force use algorithm anywhere.

here class have far:

using system; using system.collections.generic; using system.io; using microsoft.aspnetcore.authentication; using microsoft.aspnetcore.authentication.jwtbearer; using microsoft.aspnetcore.builder; using microsoft.aspnetcore.hosting; using microsoft.aspnetcore.http; using microsoft.extensions.configuration; using microsoft.extensions.dependencyinjection; using microsoft.net.http.headers; using newtonsoft.json.linq; using microsoft.identitymodel.tokens; using system.text;  namespace site.authorization {     public static class siteauthorizationextensions     {         public static iservicecollection addsiteauthorization(this iservicecollection services)         {             var signingkey = new symmetricsecuritykey(encoding.ascii.getbytes("secret_key"));              var tokenvalidationparameters = new tokenvalidationparameters             {                 // signing key must match!                 validateissuersigningkey = true,                 validateaudience = false,                 validateissuer = false,                 issuersigningkeys = new list<securitykey>{ signingkey },                   // validate token expiry                 validatelifetime = true,             };              services.addauthentication(options =>             {                 options.defaultauthenticatescheme = jwtbearerdefaults.authenticationscheme;                 options.defaultchallengescheme = jwtbearerdefaults.authenticationscheme;               })              .addjwtbearer(o =>             {                 o.includeerrordetails = true;                 o.tokenvalidationparameters  = tokenvalidationparameters;                 o.events = new jwtbearerevents()                 {                     onauthenticationfailed = c =>                     {                         c.noresult();                          c.response.statuscode = 401;                         c.response.contenttype = "text/plain";                          return c.response.writeasync(c.exception.tostring());                     }                  };             });              return services;         }     } }

my tokenvalidationparameters works when this:

var tokenvalidationparameters = new tokenvalidationparameters         {             validateissuersigningkey = true,             issuersigningkey = getsigninkey(),             validateissuer = true,             validissuer = getissuer(),             validateaudience = true,             validaudience = getaudience(),             validatelifetime = true,             clockskew = timespan.zero,         };

and 

    static private symmetricsecuritykey getsigninkey()     {         const string secretkey = "very_long_very_secret_secret";         var signingkey = new symmetricsecuritykey(encoding.utf8.getbytes(secretkey));          return signingkey;     }      static private string getissuer()     {         return "issuer";     }      static private string getaudience()     {         return "audience";     }

moreover, add options.requirehttpsmetadata = false this:

         .addjwtbearer(options =>        {                     options.tokenvalidationparameters =tokenvalidationparameters                     options.requirehttpsmetadata = false;        });

edit:

dont forget call 

 app.useauthentication();

in startup.cs -> configure method before app.usemvc();


Comments

Post a Comment

Popular posts from this blog

android - InAppBilling registering BroadcastReceiver in AndroidManifest -

i'm implementing inapp billing in android app. works well, however, i'm trying decouple broadcast receiver activity manifest. suggestion in android's trivialdrive sample: // important: dynamically register broadcast messages updated purchases. // register receiver here instead of <receiver> in manifest // because call getpurchases() @ startup, therefore can ignore // broadcasts sent while app isn't running. // note: registering listener in activity bad idea, done here // because sample. regardless, receiver must registered after // iabhelper setup, before first call getpurchases(). currently there's class extends broadcastreceiver : public class iabbroadcastreceiver extends broadcastreceiver { /** * intent action receiver should filter for. */ public static final string action = "com.android.vending.billing.purchases_updated"; private final iabbroadcastlistener mlistener; public iabbroadcastreceiver(iabbroadcastlistener listener) { m...
Read more

python Tkinter Capturing keyboard events save as one single string -

is possible store keyboard events 1 string? code below stores 1 char , prints it. card reader or bar code reader, contains collection of character/ string not 1 character @ time. goal save char pressed text variable. from tkinter import * root = tk() def key(event): text= event.char text+= event.char print ("pressed", text) def callback(event): frame.focus_set() print ("clicked at", event.x, event.y) frame = frame(root, width=100, height=100) frame.bind("<key>", key) frame.bind("<button-1>", callback) frame.pack() root.mainloop() currently, creating text variable , everytime key() function gets called, , text stores last character typed. you can define text module level variable , , use module level text inside key function - text = '' def key(event): global text text+= event.char print("pressed", text)
Read more

sql server - Why does Linq-to-SQL add unnecessary COUNT()? -

here tables: create table customer ( cid int primary key, name varchar(32) ) create table ord ( oid int primary key, cid int foreign key references customer, address varchar(20) ) here's linq-to-sql statement: var aaa = c in db.customer select new { c, o = c.ord.tolist() }; and here's inexplicable query generated linq-to-sql: select [t0].[cid] [cid], [t0].[name] [name], [t1].[oid] [oid], [t1].[cid] [cid2], [t1].[address] [address], (select count(*) [dbo].[ord] [t2] [t2].[cid] = [t0].[cid]) [value] [dbo].[customer] [t0] left outer join [dbo].[ord] [t1] on [t1].[cid] = [t0].[cid] order [t0].[cid], [t1].[oid] i want understand how rid of count(*) part. it's entirely uncalled for! linq needs count(*) in order determine number of entries returned o = c.ord.tolist() .
Read more