Namespaces for .NET JWT token validation: System vs. Microsoft

Question

I am trying to use JWT to authenticate a Node application to an ASP.NET Web API.

In ASP.NET, I am using .NET 4.5.1 and nuget package System.IdentityModel.Token

Answer 1

In these cases, when you instance you must provide the entire namespace to inform the compiler which Class and namespace you're referencing. So, you will avoid conflicts.

Microsoft.Identity is deprecated in NET 4.5. And you can see more here: https://social.msdn.microsoft.com/Forums/vstudio/en-US/256c6bcd-6752-4487-b2e8-6c63f4efb9e9/difference-between-microsoftidentitymodel-and-systemidentitymodel?forum=Geneva

Answer 2

If you take a look at the dependency for

nuget System.IdentityModel.Tokens.Jwt 4.0.2

vs

nuget System.IdentityModel.Tokens.Jwt 5.0

you'll see that 5.0 has a dependency on

Dependencies

.NETFramework 4.5.1

Microsoft.IdentityModel.Tokens (>=5.0.0)

that 4.0 didn't have. In fact, no previous version did.

Microsoft is re-architect-ing their frameworks to be more light weight. In a framework the size of ASP.NET, you will have many functional redundancies.

To make WIF lighter, while remaining backwards compatible, the decision was made to remove the redundant functionality from libraries like System.IdentityModel.Tokens.Jwt no longer depend on System.IdentityModel.Tokens, but instead on Microsoft.IdentityModel.Tokens. One of the unfortunate results is that both layers expose the same methods.