Reputation: 1243
Setting up JWT authentication in .NET core 2.0
I'm in the process of migrating existing .NET core 1.1.4 code over to .NET core 2.0. It looks like we have to change it so that we add the authentication as a service in ConfigureService() instead of in the Configure() function.
We're currently using the following properties:
AutomaticAuthenticateAutomaticChallengeTokenValidationParameters.IssuerSigningKeyTokenValidationParameters.ValidAudenceTokenValidationParameters.ValidateIssuerSigningKeyTokenValidationParameters.ValidateLifetimeTokenValidationParameters.ValidIssuer
In the migration docs, the AddJwtBearer() has an options parameter with audience so thats what I used. However, I checked the interface of the options class and there doesn't seem to be any of the other values I need. However, There is a TokenValidationParameters property. Can I just instantiate the same token I have now and use that?
1.1.4 version:
app.UseAuthentication(new JwtBearerOptions
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
TokenValidationParameters = new TokenValidationParameters
{
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration.GetSection("AppConfiguration:Key").Value)),
ValidAudience = Configuration.GetSection("AppConfiguration:SiteUrl").Value,
ValidateIssuerSigningKey = true,
ValidateLifetime = true,
ValidIssuer = Configuration.GetSection("AppConfiguration:SiteUrl").Value
}
});
2.0.0 version:
services
.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
var siteUrl = Configuration.GetSection("AppConfiguration:SiteUrl").Value;
options.Audience = siteUrl;
options.Authority = siteUrl;
options.TokenValidationParameters = new TokenValidationParameters
{
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration.GetSection("AppConfiguration:Key").Value)),
ValidateIssuerSigningKey = true,
ValidateLifetime = true,
ValidIssuer = Configuration.GetSection("AppConfiguration:SiteUrl").Value,
};
});
Does AutomaticAuthenticate and AutomaticChallenge become:
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme);
Upvotes: 0
Views: 498
Answers (1)
Reputation: 13714
You're right, the AutomaticAuthenticate and AutomaticChallenge properties are gone in ASP.NET Core 2.0.
They're replaced by this overload of the AddAuthentication method in which you can specify the default authentication scheme.
The ASP.NET Core 1.x to ASP.NET Core 2.0 migration docs cover this.
Doing so means that, on every request, the authentication handler associated with the scheme (in your case, the JWT bearer token handler) will be run to try to authenticate the request.
Upvotes: 1
Related Questions
- .NET core - Configure JWT Authentication at runtime
- Jwt token authentication in ASP.NET Core
- Simple JWT authentication in ASP.NET Core 1.0 Web API
- ASP.NET Core 3+ JWT authentication
- JWT-based Authorization for API in .NET Core 2: No Unauthorized Error
- JWT on .NET Core 2.0
- . Net core 2.0 windows and jwt authentication
- Jwt Code not working on .NET Core 2
- ASP.NET Core - JwtBearer 2.0.0
- How to use JWT for asp.net Core