Question
I am having a lot of trouble getting my ASP.NET 5 web app to be able to accept JWT tokens. I have the code already fully functional using MVC5 and just want some help converting this code to be identical but work with MVC6. The way it is set up is my client (web-site) is a trusted app and uses an IssuerSigningToken to validate the trusted app status, and after that I can just pass JWT tokens and get user and claims details back from auth server.
old code:
    public void Configuration(IAppBuilder app)
    {
        HttpConfiguration httpConfig = new HttpConfiguration();
        app.UseJwtBearerAuthentication(new MyJwtOptions());
        app.UseWebApi(httpConfig);
        ConfigureWebApi(httpConfig);
        app.UseWebApi(httpConfig);
    }

    public class MyJwtOptions : JwtBearerAuthenticationOptions
    {
        public MyJwtOptions()
        {
            var issuer = "https://tv.domain.com/trust/domain";
            var audience = "https://www.domain.com/";
            var key = Convert.FromBase64String("dW8E7DDKW34DDW33jg=");
            AllowedAudiences = new[] {audience};
            IssuerSecurityTokenProviders = new[] {new SymmetricKeyIssuerSecurityTokenProvider(issuer, key)};
        }
    }
The best example I can find that comes close is here - JwtBearerSample
    app.UseJwtBearerAuthentication(options =>
    {
        options.AutomaticAuthenticate = true;
        options.AutomaticChallenge = true;
        // You also need to update /wwwroot/app/scripts/app.js
        options.Authority = Configuration["jwt:authority"];
        options.Audience = Configuration["jwt:audience"];
    });
I cannot figure out if I am close or not; my main problem is how do I add the IssuerSignerToken? I am using Thinktecture, and it doesn't seem like they have any new up-to-date example up yet. Has anyone accomplished what I am trying to do? I know there are several other similar questions, but the responses to those use X.509 Certificates; I would prefer if possible to use the same string key for IssuerSignerToken.
UPDATE
My problem is the options I used to use inherited from Microsoft.Owin.Security.JwtBearerAuthenticationOptions; the new code expects Microsoft.AspNet.Authentication.JwtBearer.JwtBearerOptions.
Answer 1:
To use a symmetric key, you'll need to migrate to the RC2 nightly builds (it won't work natively with RC1).
Here's how you can specify the issuer key needed to validate JWT tokens (you don't need to subclass JwtBearerOptions or JwtBearerAuthenticationOptions for that):
    var key = Convert.FromBase64String("dW8E7DDKW34DDW33jg=");
    app.UseJwtBearerAuthentication(options => {
        options.AutomaticAuthenticate = true;
        options.AutomaticChallenge = true;
        options.Authority = Configuration["jwt:authority"];
        options.Audience = Configuration["jwt:audience"];
        options.TokenValidationParameters.IssuerSigningKey = new SymmetricSecurityKey(key);
    });
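The checks that a symmetric `IssuerSigningKey` drives can be exercised outside the middleware, which helps when a migrated app rejects or accepts tokens unexpectedly. This is an added example, not part of the original answer: it validates constructed HS256 tokens with `JwtSecurityTokenHandler` and shows that a wrong audience or a wrong key is rejected. It assumes the current System.IdentityModel.Tokens.Jwt NuGet package (not the RC-era builds), a random 256-bit demo key, and the hypothetical class name `SymmetricJwtCheck`; the issuer and audience strings are the ones from the question.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

public static class SymmetricJwtCheck   // hypothetical name, added example
{
    const string Issuer = "https://tv.domain.com/trust/domain";   // from the question
    const string Audience = "https://www.domain.com/";            // from the question

    // Issue a constructed HS256 test token for the given audience.
    static string Issue(byte[] key, string audience)
    {
        var creds = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256);
        var jwt = new JwtSecurityToken(Issuer, audience, new[] { new Claim("sub", "alice") },
            notBefore: DateTime.UtcNow, expires: DateTime.UtcNow.AddMinutes(5), signingCredentials: creds);
        return new JwtSecurityTokenHandler().WriteToken(jwt);
    }

    // Validate signature, algorithm, issuer, audience and lifetime with the shared key.
    static bool Accepts(string token, byte[] key)
    {
        var parameters = new TokenValidationParameters
        {
            IssuerSigningKey = new SymmetricSecurityKey(key),
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },  // reject any other alg
            ValidateIssuer = true, ValidIssuer = Issuer,
            ValidateAudience = true, ValidAudience = Audience,
            ValidateLifetime = true, ClockSkew = TimeSpan.FromSeconds(30)
        };
        try { new JwtSecurityTokenHandler().ValidateToken(token, parameters, out _); return true; }
        catch (SecurityTokenException) { return false; }
    }

    static byte[] NewKey()
    {
        var key = new byte[32];   // 256 bits, constructed per run; real keys belong in a secret store
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        return key;
    }

    public static void Main()
    {
        byte[] key = NewKey(), otherKey = NewKey();
        Console.WriteLine("valid token:       " + Accepts(Issue(key, Audience), key));
        Console.WriteLine("wrong audience:    " + Accepts(Issue(key, "https://other.example/"), key));
        Console.WriteLine("wrong signing key: " + Accepts(Issue(otherKey, Audience), key));
    }
}
```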
Answer 2:
Pinpoint's answer is exactly right; I thought I could add on to that and prevent hours of frustrating problems while getting this to work.
Do not set anything to the property Authority:
    // even if everything else is properly set you will get 500
    // some demos tell you to put ClientId here, that is wrong
    options.Authority = "";
You can't set the configurations directly; you have to make a new Configurations object like so:
    options.Configuration = new Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfiguration()
    {
        Issuer = "https://tv.domain.com/trust/domain"
    };
In MVC5 you would use System.Security.Claims in your controller to get the current User like so:
    var user = ClaimsPrincipal.Current;
That will no longer work; now you will add this in the controller:
    var user = User.Identity;
Answer 3:
You can use it like this:
    app.UseJwtBearerAuthentication(
        new JwtBearerAuthenticationOptions
        {
            AuthenticationMode = AuthenticationMode.Active,
            AllowedAudiences = clientIds,
            IssuerSecurityKeyProviders = new IIssuerSecurityKeyProvider[]
            {
                new SymmetricKeyIssuerSecurityKeyProvider(issuer, key)
            }
        });
Source: https://stackoverflow.com/questions/34348704/jwtbearer-bearer-token-with-rc-1-update-to-asp-net-5