Dac0d3r

Reputation: 1844

Token Based Authentication using ASP.NET 5 and Identity vs custom user database

I've got an existing ASP.NET 4 project consisting of a Web API and a single-page application which consumes the API. I've done the JWT implementation as described here: http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/. However, to my big disappointment, this is not so easy to port over to ASP.NET 5 and MVC 6. I need to be able to have my own SimpleAuthorizationServerProvider class (or equivalent), since I'm authorizing my users against a local database of mine.

Inside the SimpleAuthorizationServerProvider I'm:

  1. looking up the context's username and password in my local users db, returns an error or continues
  2. creating a var identity = new ClaimsIdentity(context.Options.AuthenticationType);
  3. adding claims - e.g. identity.AddClaim(new Claim("sub", context.UserName));, also setting roles, e.g. identity.AddClaim(new Claim(ClaimTypes.Role, role));
  4. finally, context.Validated(identity);

So I can use [Authorize] or even claims to protect my web api routes.

I've done a lot of googling on this, but I can't seem to find enough info on how to achieve this. As the author of the article linked to above says:

"The authentication/authorization in ASP.NET 5 is really different than this version, until now you cannot issue access tokens, you can just consume them. You need to rely on identity provider for this task. So there is no direct way to upgrade this project to the latest ASP.NET 5 without using external identity provider."

I guess what I'm hoping for is help to figure out how to port that example over to ASP.NET 5, the right way.

Upvotes: 1

Views: 1413
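
The four steps listed in the question, as an added example (not code from the post or from the linked article) that issues the JWT directly with the System.IdentityModel.Tokens.Jwt package on current .NET rather than the ASP.NET 5 pre-release APIs. UserRow, LocalTokenIssuer, the lookup delegate, the example.test URLs and the PBKDF2 parameters are assumptions made for illustration.

```csharp
#nullable enable
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

// Constructed sample data: one user row and a random 256-bit signing key.
var salt = RandomNumberGenerator.GetBytes(16);
var alice = new UserRow("alice", salt, LocalTokenIssuer.HashPassword("correct horse", salt), new[] { "admin" });
var issuer = new LocalTokenIssuer(RandomNumberGenerator.GetBytes(32), name => name == "alice" ? alice : null);
Console.WriteLine(issuer.Issue("alice", "correct horse") ?? "rejected");
Console.WriteLine(issuer.Issue("alice", "wrong password") ?? "rejected");

public sealed record UserRow(string Name, byte[] Salt, byte[] Hash, string[] Roles);

public sealed class LocalTokenIssuer
{
    // Placeholders: must equal the Authority/Audience the JWT bearer middleware expects.
    const string Issuer = "https://auth.example.test/";
    const string Audience = "https://api.example.test/";
    readonly SymmetricSecurityKey _key;
    readonly Func<string, UserRow?> _findUser;   // stands in for the local users database
    public LocalTokenIssuer(byte[] signingKey, Func<string, UserRow?> findUser) =>
        (_key, _findUser) = (new SymmetricSecurityKey(signingKey), findUser);
    public static byte[] HashPassword(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, 210_000, HashAlgorithmName.SHA256, 32);
    // Returns a signed JWT, or null for an unknown user or a wrong password.
    public string? Issue(string userName, string password)
    {
        // Step 1: look the user up; hash even for unknown users so timing does not reveal them.
        var user = _findUser(userName);
        var candidate = HashPassword(password, user?.Salt ?? new byte[16]);
        if (user is null || !CryptographicOperations.FixedTimeEquals(candidate, user.Hash))
            return null;
        // Steps 2 and 3: build the identity and add the "sub" and role claims.
        var identity = new ClaimsIdentity("Bearer");
        identity.AddClaim(new Claim("sub", user.Name));
        foreach (var role in user.Roles) identity.AddClaim(new Claim(ClaimTypes.Role, role));
        // Step 4: where the OWIN provider called context.Validated(identity), sign a token.
        var handler = new JwtSecurityTokenHandler();
        return handler.WriteToken(handler.CreateToken(new SecurityTokenDescriptor
        {
            Subject = identity, Issuer = Issuer, Audience = Audience,
            Expires = DateTime.UtcNow.AddMinutes(30),
            SigningCredentials = new SigningCredentials(_key, SecurityAlgorithms.HmacSha256)
        }));
    }
}
```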

Answers (2)

Sean

Reputation: 15144

Check out OpenIddict - I think it gives you what you need.

This is practically all the configuration I needed:

ConfigureServices:

services.AddIdentity<ApplicationUser, ApplicationRole>()
    .AddEntityFrameworkStores<ApplicationDbContext>()
    .AddDefaultTokenProviders()
    .AddOpenIddictCore<Application>(config => config.UseEntityFramework()); // added this line

Configure:

app.UseOpenIddictCore(builder =>
{
    // tell openiddict you're wanting to use jwt tokens
    builder.Options.UseJwtTokens();
    // NOTE: for dev consumption only! for live, this is not encouraged!
    builder.Options.AllowInsecureHttp = true;
    builder.Options.ApplicationCanDisplayErrors = true;
});

// use jwt bearer authentication
app.UseJwtBearerAuthentication(options =>
{
    options.AutomaticAuthenticate = true;
    options.AutomaticChallenge = true;
    options.RequireHttpsMetadata = false;
    // these urls must match the value in the payload posted from the client side during login
    options.Audience = "http://localhost:58292/";
    options.Authority = "http://localhost:58292/";
});

There are one or two other minor things, such as your DbContext needs to derive from OpenIddictContext<ApplicationUser, Application, ApplicationRole, string>.

You can see a full length explanation (including links to the github repo) on this blog post: http://capesean.co.za/blog/asp-net-5-jwt-tokens/

Upvotes: 1

roydukkey

Reputation: 3288

There is a jwt bearer example here: https://github.com/aspnet/Security/tree/dev/samples/JwtBearerSample

Upvotes: 0
