CODEWITHSUNDEEP
c#authenticationasp.net-corejwtopenid-connect
Jeremy
Jeremy

Reputation: 1073

Add custom validation to JWT token for ASP.NET Core?

Previously, I was able to use JwtBearerAuthenticationOptions to add my custom token handler with my custom validation. Now with Core UseJwtBearerAuthentication I need to use JwtBearerOptions which doesn't seem to have an option to override JwtSecurityTokenHandler. I basically want to override the following method in JwtSecurityTokenHandler:

protected virtual JwtSecurityToken ValidateSignature(string token, TokenValidationParameters validationParameters)

Previously:

app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
{
    TokenHandler = new MyTokenHandler()
    // other properties here
});

Currently with ASP.NET Core:

app.UseJwtBearerAuthentication(new JwtBearerOptions
{
    // other properties here
});

Upvotes: 10

Views: 11603

Answers (2)

Sock
Sock

Reputation: 5413

If you want to actually create your own JwtSecurityTokenHandler and override the ValidateSignature method, you can use the SecurityTokenValidators property:

var options new JwtBearerOptions();
options.SecurityTokenValidators.Clear();
options.SecurityTokenValidators.Add(new MyTokenHandler());
app.UseJwtBearerAuthentication(options);

Technically the call to Clear() isn't necessary - as long as one of the token handlers can parse the token the call to authenticate will succeed. However removing the JwtSecurityTokenHandler seems to make sense if it won't ever succeed in your case.

Upvotes: 18

adem caglin
adem caglin

Reputation: 24133

JwtBearerOptions has a parameter named TokenValidationParameters, so you can use this parameter:

var tokenValidationParameters = new TokenValidationParameters
{
    ValidateIssuerSigningKey = true,
    IssuerSigningKey = signingKey,
    //...
};

app.UseJwtBearerAuthentication(new JwtBearerOptions
{
    //...
    TokenValidationParameters = tokenValidationParameters
});

Upvotes: 0

Related Questions