Setup OAuth2 JWT Token for ADFS and .Net Core

Submitted by 大兔子大兔子 on 2021-02-08 11:42:42

Question


Can someone explain the OAuth2 JWT token generation and verification in .Net Core?


Answer 1:


First, you need to set up ADFS with a client ID and redirect URL, then get a JWT token from the ADFS server. See this post http://blog.scottlogic.com/2015/03/09/OAUTH2-Authentication-with-ADFS-3.0.html

After that, if you are using .Net Core with a JWT Bearer Token, you need to export the ADFS signing certificate using the following PowerShell commands:

# Get the ADFS token-signing certificate(s); [0] is the primary one
$certRefs=Get-AdfsCertificate -CertificateType Token-Signing
# Export only the public certificate (no private key) as DER
$certBytes=$certRefs[0].Certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes("c:\foo.cer", $certBytes)

Then in your .Net Core application startup, you need to use the package Microsoft.AspNetCore.Authentication.JwtBearer and look at this post http://andrewlock.net/a-look-behind-the-jwt-bearer-authentication-middleware-in-asp-net-core/

Code in the startup class:

var signingKey = new X509SecurityKey(
    new System.Security.Cryptography.X509Certificates.X509Certificate2(
        "YOUR-PATH/foo.cer"));

var tokenValidationParameters = new TokenValidationParameters
{
    // The signing key must match!
    ValidateIssuerSigningKey = true,
    IssuerSigningKey = signingKey,

    // Validate the JWT Issuer (iss) claim
    ValidateIssuer = true,
    ValidIssuer = "http://YOUR-ADFS/adfs/services/trust",

    // Validate the JWT Audience (aud) claim
    ValidateAudience = true,
    ValidAudience = "https://YOUR-AUDIENCE/",

    // Validate the token expiry
    ValidateLifetime = true,

    // If you want to allow a certain amount of clock drift, set that here:
    ClockSkew = TimeSpan.Zero
};

app.UseJwtBearerAuthentication(new JwtBearerOptions
{
    AutomaticAuthenticate = true,
    AutomaticChallenge = true,
    TokenValidationParameters = tokenValidationParameters
});
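As an added illustration (not part of the original answer), the same validation rules can be applied outside the middleware, for example in a small console tool that reports why an ADFS token is rejected; the cert path, issuer and audience below are placeholders:

```csharp
// Added example (not from the original answer): validate an ADFS-issued JWT outside
// the middleware with the same TokenValidationParameters, so a rejected token can be
// diagnosed. Assumes foo.cer (exported public cert), placeholder issuer/audience, and
// packages System.IdentityModel.Tokens.Jwt + Microsoft.IdentityModel.Tokens.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using Microsoft.IdentityModel.Tokens;
public static class AdfsTokenCheck
{
    public static TokenValidationParameters BuildParameters(string certPath)
    {
        // foo.cer holds only the public key; the API never needs the private key.
        var signingKey = new X509SecurityKey(new X509Certificate2(certPath));
        return new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = signingKey,
            ValidateIssuer = true,
            ValidIssuer = "http://YOUR-ADFS/adfs/services/trust", // placeholder
            ValidateAudience = true,
            ValidAudience = "https://YOUR-AUDIENCE/",             // placeholder
            ValidateLifetime = true,
            ClockSkew = TimeSpan.Zero // strict: no tolerance for clock drift
        };
    }
    // Returns the principal on success, or null plus a reason on failure.
    public static ClaimsPrincipal Validate(string jwt, TokenValidationParameters p, out string reason)
    {
        try
        {
            SecurityToken validated;
            var principal = new JwtSecurityTokenHandler().ValidateToken(jwt, p, out validated);
            reason = "ok";
            return principal;
        }
        catch (SecurityTokenExpiredException) { reason = "token expired (exp)"; }
        catch (SecurityTokenInvalidIssuerException) { reason = "issuer (iss) mismatch"; }
        catch (SecurityTokenInvalidAudienceException) { reason = "audience (aud) mismatch"; }
        catch (SecurityTokenInvalidSignatureException) { reason = "signature not made by the exported ADFS cert"; }
        catch (SecurityTokenException ex) { reason = ex.GetType().Name; }
        return null;
    }
    public static void Main(string[] args) // usage: AdfsTokenCheck <jwt-from-adfs>
    {
        string reason;
        var user = Validate(args[0], BuildParameters("YOUR-PATH/foo.cer"), out reason);
        Console.WriteLine(user == null ? "REJECTED: " + reason : "ACCEPTED: " + user.Identity.Name);
    }
}
```

Running it with the bearer token obtained from ADFS shows which of the four checks (signing key, iss, aud, lifetime) a failing token trips, which is the usual cause of a 401 from the middleware.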



Answer 2:


Please check the link below; it may help you, as the procedure is the same.

https://www.codeproject.com/Articles/1080899/How-to-get-Jwt-token-for-Logged-On-User-or-Applica

The OAuth2 Authorization Provider 1.0.0 NuGet package has a method (ValidateToken) to validate a given JWT token, but it has a certificate dependency (provider).

Install your ADFS certificate under the Local Computer Trusted Root store.

The NuGet package will identify the installed certificate based on its SubjectKeyIdentifier.



Source: https://stackoverflow.com/questions/41006890/setup-oauth2-jwt-token-for-adfs-and-net-core
