Ismail Fedaoui

Reputation: 17

Validate the JWT Bearer Token In Identity Server 4

I have an Identity Server running based on IdentityServer 4, and I have a Web API built with ASP.NET Core. I can successfully log in on the /connect/token endpoint of the identity server. I want to check the validity of the JWT bearer token sent in the header of my API requests.

This is the configuration in my API project's Startup:

In ConfigureServices:

services.AddAuthentication(IdentityServerAuthenticationDefaults.AuthenticationScheme)
    .AddIdentityServerAuthentication(options =>
    {
        // Base address of my IdentityServer
        options.Authority = "https://localhost:5000/";

        // Name of the API resource
        options.ApiName = "API_Resource_Name";
    });

In Configure:

app.UseAuthentication();

NB: I've added the Authorize annotation to my controller.

Upvotes: 0

Views: 3473

Answers (1)

GH DevOps

Reputation: 420

Add authentication and authorization to your API Startup.cs ConfigureServices:

// Needs: using System.IdentityModel.Tokens.Jwt; using System.Security.Claims;
//        using System.Threading.Tasks; using Microsoft.IdentityModel.Tokens;
services.AddAuthentication("bearer")
    .AddJwtBearer("bearer", options =>
    {
        // Signing keys and issuer are discovered from this authority's metadata
        options.Authority = Configuration["Authority"];
        options.Events = new Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerEvents
        {
            OnMessageReceived = context =>
            {
                // Accept the token from the query string only for the /chathub path
                var accessToken = context.Request.Query["access_token"];

                var path = context.HttpContext.Request.Path;
                if (!string.IsNullOrEmpty(accessToken) && path.StartsWithSegments("/chathub"))
                {
                    context.Token = accessToken;
                }
                return Task.CompletedTask;
            },
            OnTokenValidated = context =>
            {
                // Copy the raw token onto the identity as an "access_token" claim
                var token = context.SecurityToken as JwtSecurityToken;
                if (token != null)
                {
                    ClaimsIdentity identity = context.Principal.Identity as ClaimsIdentity;
                    if (identity != null)
                    {
                        identity.AddClaim(new Claim("access_token", token.RawData));
                    }
                }

                return Task.CompletedTask;
            }
        };

        options.TokenValidationParameters = new TokenValidationParameters
        {
            // The "aud" claim is not checked; the scope policy below restricts access
            ValidateAudience = false,
            NameClaimType = "name",
            RoleClaimType = "role"
        };
    });

And then...

services.AddAuthorization(options =>
{
    options.AddPolicy("ApiScope", policy =>
    {
        policy.RequireAuthenticatedUser();
        policy.RequireClaim("scope", "SignalR.API");
    });
});

Inside Configure...

app.UseAuthentication();
app.UseAuthorization();

Upvotes: 4
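The checks configured in the answer above, run outside ASP.NET Core as an added example (not code from the question or the answer): it shows what `ValidateAudience = false` lets through and why the scope requirement then carries the restriction. Assumptions: C# 9 top-level statements, the System.IdentityModel.Tokens.Jwt NuGet package, a locally generated RSA key standing in for the IdentityServer signing key, and the constructed names `Other_API` and `Other.API`.

```csharp
// Added example, not from the thread. Tokens and key are constructed locally.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

const string Authority = "https://localhost:5000"; // issuer (constructed)
const string ApiName = "API_Resource_Name";        // audience this API expects

// Stand-in for the token service: signs a JWT for the given audience and scope.
string Issue(SecurityKey key, string audience, string scope, int lifetimeMinutes)
{
    var now = DateTime.UtcNow;
    var jwt = new JwtSecurityToken(Authority, audience,
        new[] { new Claim("scope", scope) },
        notBefore: now.AddMinutes(-30), expires: now.AddMinutes(lifetimeMinutes),
        signingCredentials: new SigningCredentials(key, SecurityAlgorithms.RsaSha256));
    return new JwtSecurityTokenHandler().WriteToken(jwt);
}

// What the API checks: signature, issuer, lifetime, optionally audience, then scope.
string Check(string token, SecurityKey key, bool validateAudience)
{
    var parameters = new TokenValidationParameters
    {
        ValidIssuer = Authority, IssuerSigningKey = key,
        ValidateAudience = validateAudience,
        ValidAudience = ApiName,
        ClockSkew = TimeSpan.Zero
    };
    var handler = new JwtSecurityTokenHandler();
    handler.InboundClaimTypeMap.Clear(); // keep short claim names such as "scope"
    try
    {
        var user = handler.ValidateToken(token, parameters, out _);
        return user.HasClaim("scope", "SignalR.API") ? "accepted" : "rejected: scope missing";
    }
    catch (SecurityTokenException ex) { return "rejected: " + ex.GetType().Name; }
}

using var rsa = RSA.Create(2048);
var key = new RsaSecurityKey(rsa);
var otherApi = Issue(key, "Other_API", "Other.API", 10); // minted for a different API
Console.WriteLine(Check(Issue(key, ApiName, "SignalR.API", 10), key, true));
Console.WriteLine(Check(otherApi, key, true));  // audience check on
Console.WriteLine(Check(otherApi, key, false)); // audience check off: only the scope test is left
Console.WriteLine(Check(Issue(key, ApiName, "SignalR.API", -5), key, true)); // already expired
```

In the answer's configuration the scope test is the `ApiScope` policy, which only runs on endpoints that reference it, for example with `[Authorize(Policy = "ApiScope")]`.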
