I have created custom middleware class which validates the JWT token. I am calling this method before app.AddMvc() in configure method. ***
I would like to know what are the things that I should add to Configuration services to authenticate my web API using JWT? I have added [Authorize] in my Controller class
Do I need to call my middleware class which validates the JWT token first in Configure method? or I should call App.UseAuthentication()
I am using the following order :
app.UseAuthentication();
app.MessageHandlerMiddleware();
app.UseMvc();
I am new to .net web API implementation. Could you please help me out?
From one of my answers you can see how we pass JWT token and how the code looks for classic .NET (non-core) ASP.NET WebAPI 2.
There are not many differences, the code for ASP.NET Core looks similar.
The key aspect is - when you add JWT config in Startup the app handles validation automatically.
services
.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(x =>
{
x.RequireHttpsMetadata = false;
x.SaveToken = true;
x.TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuerSigningKey = true,
ValidateLifetime = true,
IssuerSigningKey = _configuration.GetSymmetricSecurityKey(),
ValidAudience = _configuration.GetValidAudience(),
ValidIssuer = _configuration.GetValidIssuer()
};
});
(use the above link to see the implementation of GetSymmetricSecurityKey, GetValidAudience, GetValidIssuer ext. methods)
Also very important part:
services.AddAuthorization(auth =>
{
auth
.AddPolicy(
_configuration.GetDefaultPolicy(),
new AuthorizationPolicyBuilder()
.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
.RequireAuthenticatedUser().Build()
);
});
来源:https://stackoverflow.com/questions/51943722/how-to-validate-jwt-token-in-aspnet-core-web-api