Best IT Recipes

JWT Media Token Stream

I want to use the JWT generation and JWT consumption method in the ASP.NET core.

There is no OAuth2 stream, I have IdentityServerv3 working with OAuth2, but this is just an excess for a single application accessing the API when I have both sides.

The main source of the difficulty I came across is finding the equivalent of Microsoft.Owin.Security.Jwt in ASP.NET Core. Nothing on this list https://www.myget.org/gallery/aspnetvnext seems to be relevant. Or should this package actually remain relevant in ASP.NET Core?

+6
asp.net-core jwt bearer-token
May 31 '15 at 4:52
source share
2 answers

If you are looking for a (simple) way to generate your own JWT tokens, you should use JwtSecurityTokenHandler directly. You can find it in the System.IdentityModel.Tokens package in the MyGet repository you mentioned (but the version is a bit outdated) or directly in the Azure AD repository in the System.IdentityModel.Tokens.Jwt package: https://www.myget.org / gallery / azureadwebstacknightly

Of course, using a standard protocol to issue and retrieve JWT tokens is more than recommended, and OAuth2 and OpenID Connect are probably the best candidates for this.

Note that IdentityServer is not the only server that runs on ASP.NET 5. I personally work on the advanced version of the OAuth2 authorization server middleware that ships with Katana 3 and offers a different approach: https://github.com/aspnet -contrib / AspNet.Security.OpenIdConnect.Server

 app.UseOAuthBearerAuthentication(new JwtBearerOptions { AutomaticAuthenticate = true, AutomaticChallenge = true, Audience = "http://localhost:54540/", Authority = "http://localhost:54540/" }); app.UseOpenIdConnectServer(options => { options.Provider = new AuthorizationProvider(); });

To learn more about this project, I would recommend reading http://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-introduction/ .

Feel free to ping me at https://jabbr.net/#/rooms/AspNetCore if you need more information.

+5
Jun 05 '15 at 17:51
source share

I started using OpenIddict , and I think this is exactly what you need.

This, in essence, is all the configuration I need:

ConfigureServices:

 services.AddIdentity<ApplicationUser, ApplicationRole>() .AddEntityFrameworkStores<ApplicationDbContext>() .AddDefaultTokenProviders() .AddOpenIddictCore<Application>(config => config.UseEntityFramework());

Customization

 app.UseOpenIddictCore(builder => { // tell openiddict you're wanting to use jwt tokens builder.Options.UseJwtTokens(); // NOTE: for dev consumption only! for live, this is not encouraged! builder.Options.AllowInsecureHttp = true; builder.Options.ApplicationCanDisplayErrors = true; }); // use jwt bearer authentication app.UseJwtBearerAuthentication(options => { options.AutomaticAuthenticate = true; options.AutomaticChallenge = true; options.RequireHttpsMetadata = false; options.Audience = "http://localhost:58292/"; options.Authority = "http://localhost:58292/"; });

There are one or two other minor things, for example, your DbContext should flow from OpenIddictContext<ApplicationUser, Application, ApplicationRole, string> .

In this blog post, you can see the full explanation (including links to the github repository): http://capesean.co.za/blog/asp-net-5-jwt-tokens/

+2
Jan 08 '16 at 21:47
source share


More articles:


All Articles