How to log authentication failure reasons when using OWIN and JWT?

I am using my own OWIN server with C# and configured my application to use authorization with JWT, as shown below. This works correctly, and invalid tokens are rejected with 401 Unauthorized and valid tokens.

My question is how can I write a log about why requests are denied. Is it expired? Was this the wrong audience? Was there a gift? I want all failed requests to be logged, but I cannot find any example of how.

using System.Web.Http;
using Microsoft.Owin.Security.Jwt;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder appBuilder)
    {
        // Configure Web API for self-host.
        var config = new HttpConfiguration();
        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional }
        );

        // Enable authorization globally: every request must carry a valid bearer token.
        config.Filters.Add(new AuthorizeAttribute());

        appBuilder.UseJwtBearerAuthentication(new JwtOptions());
        appBuilder.UseWebApi(config);
    }
}

JwtOptions.cs

using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.Web.Configuration;
using Microsoft.Owin.Security.Jwt;

public class JwtOptions : JwtBearerAuthenticationOptions
{
    public JwtOptions()
    {
        var issuer = WebConfigurationManager.AppSettings["CertificateIssuer"];
        var audience = WebConfigurationManager.AppSettings["CertificateAudience"];

        // Ap21X509Certificate is the application's own helper that loads the signing certificate by thumbprint.
        var x590Certificate = Ap21X509Certificate.Get(WebConfigurationManager.AppSettings["CertificateThumbprint"]);

        AllowedAudiences = new[] { audience };
        IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
        {
            new X509CertificateSecurityTokenProvider(issuer, new X509Certificate2(x590Certificate.RawData))
        };
    }
}

I assume that I will need to do my own check to do this, but I don’t know how to implement this.

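One way to get the failure reason out of the middleware, as an added example that is not part of the question above: it assumes Microsoft.Owin.Security.Jwt 3.x, where JwtBearerAuthenticationOptions exposes a TokenHandler property and JwtSecurityTokenHandler.ValidateToken is virtual, and the subclass and the `_log` delegate are hypothetical names.

```csharp
using System;
using System.Diagnostics;
using System.IdentityModel.Tokens;
using System.Security.Claims;

// Hypothetical handler: wraps the stock validation, records why a token was rejected,
// then rethrows so the middleware still answers 401 exactly as before.
public class LoggingJwtTokenHandler : JwtSecurityTokenHandler
{
    private readonly Action<string> _log;

    public LoggingJwtTokenHandler(Action<string> log)
    {
        _log = log;
    }

    public override ClaimsPrincipal ValidateToken(string securityToken,
        TokenValidationParameters validationParameters, out SecurityToken validatedToken)
    {
        try
        {
            return base.ValidateToken(securityToken, validationParameters, out validatedToken);
        }
        // Most specific exceptions first; each message is the reason, never the raw token,
        // which is a credential and must stay out of the logs.
        catch (SecurityTokenExpiredException ex)
        {
            _log("JWT rejected: expired. " + ex.Message);
            throw;
        }
        catch (SecurityTokenNotYetValidException ex)
        {
            _log("JWT rejected: not yet valid (nbf in the future). " + ex.Message);
            throw;
        }
        catch (SecurityTokenInvalidAudienceException ex)
        {
            _log("JWT rejected: audience not in AllowedAudiences. " + ex.Message);
            throw;
        }
        catch (SecurityTokenInvalidIssuerException ex)
        {
            _log("JWT rejected: issuer not trusted. " + ex.Message);
            throw;
        }
        catch (SecurityTokenInvalidSignatureException ex)
        {
            _log("JWT rejected: signature did not verify against the configured certificate. " + ex.Message);
            throw;
        }
        catch (SecurityTokenException ex)
        {
            _log("JWT rejected: " + ex.GetType().Name + ". " + ex.Message);
            throw;
        }
    }
}
```

Wire it in from the JwtOptions constructor with `TokenHandler = new LoggingJwtTokenHandler(msg => Trace.TraceWarning(msg));`; a malformed or missing Authorization header never reaches ValidateToken, so those requests still fail silently and need a separate check if you want them logged too.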

Source: https://habr.com/ru/post/1614824/
