How to Handle Custom Password-less Authentication with JWT Token?
Idea:
My Login Page is like this:
Users can Authenticate via a JWT token given from a trusted system. Username is an Audience defined in Token so i can validate that the token issued for that user.
Problem:
i have a razor asp.net core 8.0 app and added JwtBearer in program.cs with default validation parameters:
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer();
i want to know how do i properly handle Login in HttpContext.SignInAsync() ? how can i add Validated token to Bearer's Authorization header?
After obtaining the token, you can use HttpClient to set the request header and add the JWT token to the default request header of HttpClient for authentication in subsequent HTTP requests.
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", jwtToken);
For verification do you need to use the relevant authentication in the "trusted system" you mentioned, or do you need to create your own? If you use system(like API) to verify, you can initiate a post request and carry the token for verification.If you want to customize verification, you can use the same method. Post the token and username to a verification-related method to perform custom-related token authentication. If successful, you can continue to the next step of cookie verification,If it fails, relevant error information will be returned.
var client = _httpClientFactory.CreateClient();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", jwtToken);
// create httpRequestMessage
var httpRequestMessage = new HttpRequestMessage()
{
Method = HttpMethod.Post,
RequestUri = new Uri("https://localhost:xxxx/api/token/verify"),
Content = new StringContent(JsonSerializer.Serialize(loginViewModel), Encoding.UTF8, "application/json")
};
// use client to send httpRequestMessage to api and we get a json response back
var httpResponseMessage = await client.SendAsync(httpRequestMessage);
After successful verification,can create a user information object ClaimsIdentity, which can represent the method used for authentication, and then use the user identity information created in the previous step to create a user principal object
Finally, use the HttpContext.SignInAsync method to log in the user. Method will create a persistent authentication ticket (Cookie) and send it to the client. The SignInAsync method can accept three parameters:
The first parameter is the authentication scheme name, which is used to identify the authentication method used.
The second parameter is the user principal, indicating the currently logged in user.
The third parameter is the authentication attribute, used to configure expiration time, etc.
var userIdentity = new ClaimsIdentity(new[]
{
new Claim(ClaimTypes.Email, loginViewModel.Username),
new Claim(ClaimTypes.AuthenticationMethod, "MyCustom"),
}, "MyCustom");
var user = new ClaimsPrincipal(userIdentity);
await HttpContext.SignInAsync("MyCustom", user, new AuthenticationProperties
{
ExpiresUtc = DateTime.UtcNow.AddMinutes(20),
IsPersistent = false, // You can change this based on your requirements
AllowRefresh = false
});
// Log successful login
return RedirectToAction("Index", "Home");
- Default Authentication scheme in ASP.NET MVC
- Error message: (provider: Shared Memory Provider, error: 0 - No process is on the other end of the pipe.)
- JQuery Ajax Call towards ASP.NET MVC action method - "Internal Server Error ?"
- I want to pre-fill an input of type IFormFile
- Unable to send the List of model data to a view using asp.net mvc
- Asp Core, How to create Paging?
- Paging the huge data that is returned by the Web API
- Backward paging in cassandra c# driver
- The entity type 'Microsoft.AspNet.Identity.EntityFramework.IdentityUserLogin<string>' requires a key to be defined
- Paging results in asp.net
- How to pass pagination parameters from datatables.net
- Jquery dd/MM/yyyy date format validation
- Outputting nbsp; in Razor via variables?
- paging in asp.net mvc
- Unable to update database to match the current model because there are pending changes
- Problem Paging with Post Action in ASP.NET MVC
- Asp Core, How to use PagingList<T>.CreateAsync() with a viewModel?
- Sorting and Paging on repository
- CheckBox To Behave Like Toggle Switches
- String or binary data would be truncated. The statement has been terminated. System.Data.SqlClient.SqlException (0x80131904)
- How to generate COMMON KEY RING to Share cookies across subdomains?
- Invalid object name 'dbo.AspNetUsers' in Asp.NET MVC 5 Entity Framework
- ASP.NET MVC : form is null when posting to controller
- No type was found that matches the controller named 'help'
- How do I include a model with a RedirectToAction?
- Create instance of a class with dependencies using Autofac
- Ajax url Data result
- Why loading some css and js file taking too long time?
- Antiforgery token migration from .NET framework to .NET Core
- how do i return the json object of my ajax GET request to an API in Asp.net MVC