c# asp.net-mvc asp.net-core jwt thinktecture-ident-server

jwtBearer bearer token with rc-1 update to ASP.Net 5


I am having a lot of trouble getting my asp.net 5 web app to be able to accept JWT tokens. I have the code already fully functional using mvc5 and just want some help converting this code to be identical but work with mvc6. The way it is set up is my client (web-site) is a trusted app and uses an IssuerSigningToken to validate the trusted app status, and after that I can just pass JWT tokens and get user and claims details back from auth server.

old code:

public void Configuration(IAppBuilder app)
{
    HttpConfiguration httpConfig = new HttpConfiguration();
    app.UseJwtBearerAuthentication(new MyJwtOptions());
    app.UseWebApi(httpConfig);
    ConfigureWebApi(httpConfig);
    app.UseWebApi(httpConfig);
}

public class MyJwtOptions : JwtBearerAuthenticationOptions
{
    public MyJwtOptions()
    {
        var issuer = "https://tv.domain.com/trust/domain";
        var audience = "https://www.domain.com/";
        var key = Convert.FromBase64String("dW8E7DDKW34DDW33jg=");
        AllowedAudiences = new[] {audience};
        IssuerSecurityTokenProviders = new[] {new SymmetricKeyIssuerSecurityTokenProvider(issuer, key)};
    }
}

The best example I can find that comes close is here - JwtBearerSample

        app.UseJwtBearerAuthentication(options =>
        {
            options.AutomaticAuthenticate = true;
            options.AutomaticChallenge = true;
            // You also need to update /wwwroot/app/scripts/app.js
            options.Authority = Configuration["jwt:authority"];
            options.Audience = Configuration["jwt:audience"];
        });

I cannot figure out if I am close or not. My main problem is: how do I add the IssuerSignerToken? I am using Thinktecture, and it doesn't seem like they have any new up-to-date example up yet. Has anyone accomplished what I am trying to do? I know there are several other similar questions, but the responses to those use X.509 certificates; I would prefer, if possible, to use the same string key for IssuerSignerToken.

UPDATE

My problem is that the options I used to use inherited from Microsoft.Owin.Security.JwtBearerAuthenticationOptions, while the new code expects Microsoft.AspNet.Authentication.JwtBearer.JwtBearerOptions.


Solution

  • To use a symmetric key, you'll need to migrate to the RC2 nightly builds (it won't work natively with RC1).

    Here's how you can specify the issuer key needed to validate JWT tokens (you don't need to subclass JwtBearerOptions or JwtBearerAuthenticationOptions for that):

    var key = Convert.FromBase64String("dW8E7DDKW34DDW33jg=");
    
    app.UseJwtBearerAuthentication(options => {
        options.AutomaticAuthenticate = true;
        options.AutomaticChallenge = true;
    
        options.Authority = Configuration["jwt:authority"];
        options.Audience = Configuration["jwt:audience"];
    
        options.TokenValidationParameters.IssuerSigningKey = new SymmetricSecurityKey(key);
    });
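
Added example, not part of the original answer or of the ASP.NET sample: a console check that builds the TokenValidationParameters corresponding to the old MyJwtOptions (issuer, audience, symmetric signing key) and shows that tokens signed with a different key, or carrying a different audience or issuer, are rejected. It assumes .NET 6 or later and the current System.IdentityModel.Tokens.Jwt package (the RC1/RC2 builds discussed above used different namespaces); the class name, claim, alternate URLs and keys are constructed for illustration.

```csharp
// Added example, not from the original post. Needs the System.IdentityModel.Tokens.Jwt package.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

static class SymmetricJwtCheck
{
    // Issuer and audience are the values from the question's MyJwtOptions.
    const string Issuer = "https://tv.domain.com/trust/domain";
    const string Audience = "https://www.domain.com/";

    // Issues a short-lived HS256 token the way the trusted auth server would (constructed claim).
    static string Issue(byte[] key, string issuer, string audience)
    {
        var creds = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256);
        var jwt = new JwtSecurityToken(issuer, audience,
            new[] { new Claim("sub", "constructed-user") },
            notBefore: DateTime.UtcNow, expires: DateTime.UtcNow.AddMinutes(5), signingCredentials: creds);
        return new JwtSecurityTokenHandler().WriteToken(jwt);
    }

    // Validates the token and reports which check rejected it, if any.
    static void Check(string label, string token, TokenValidationParameters p)
    {
        try { new JwtSecurityTokenHandler().ValidateToken(token, p, out _); Console.WriteLine(label + ": accepted"); }
        catch (SecurityTokenException e) { Console.WriteLine(label + ": rejected (" + e.GetType().Name + ")"); }
    }

    static void Main()
    {
        // Constructed 256-bit keys; a deployment loads the shared key from protected configuration.
        byte[] sharedKey = RandomNumberGenerator.GetBytes(32);
        byte[] otherKey = RandomNumberGenerator.GetBytes(32);
        var p = new TokenValidationParameters
        {
            ValidIssuer = Issuer,      // old code: issuer passed to SymmetricKeyIssuerSecurityTokenProvider
            ValidAudience = Audience,  // old code: AllowedAudiences
            IssuerSigningKey = new SymmetricSecurityKey(sharedKey),
            ValidateIssuer = true, ValidateAudience = true, ValidateLifetime = true,
        };
        Check("valid token", Issue(sharedKey, Issuer, Audience), p);
        Check("wrong key", Issue(otherKey, Issuer, Audience), p);
        Check("wrong audience", Issue(sharedKey, Issuer, "https://other.example/"), p);
        Check("wrong issuer", Issue(sharedKey, "https://other.example/", Audience), p);
    }
}
```

The same TokenValidationParameters object can be assigned to options.TokenValidationParameters in the middleware configuration.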