I have a Web API service written in .NET Framework 4.6.2, and only the mobile app accesses this web service. For login only, however, the mobile app calls a different web service written in .NET Standard 2. I am able to receive a token from the server, but when I try to decrypt (validate) the token on the .NET Framework side, authentication fails.
The following is the code on the .NET Framework side.
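/// <summary>
/// Authorization filter that requires an already-authenticated caller and then
/// publishes the caller's claims as a <c>CustomPrincipal</c> on the current thread.
/// </summary>
/// <remarks>
/// This filter does not validate the bearer token itself. It only inspects the
/// principal that is already attached to the request when the filter runs.
/// </remarks>
public class CustomAuthorize : System.Web.Http.AuthorizeAttribute
{
    /// <summary>
    /// Rejects unauthenticated requests, runs the base authorization checks, and
    /// installs a <c>CustomPrincipal</c> built from the caller's claims.
    /// </summary>
    /// <param name="actionContext">Context of the action being authorized.</param>
    /// <exception cref="ArgumentNullException"><paramref name="actionContext"/> is null.</exception>
    /// <exception cref="UnauthorizedAccessException">
    /// The request carries no authenticated identity, or the identity is not claims-based.
    /// </exception>
    public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        if (actionContext == null)
        {
            throw new ArgumentNullException("actionContext");
        }

        // Principal or Identity may be missing when nothing earlier in the pipeline
        // authenticated the request; treat that as "not authenticated" instead of
        // failing with a NullReferenceException.
        var requestPrincipal = actionContext.RequestContext.Principal;
        var requestIdentity = requestPrincipal == null ? null : requestPrincipal.Identity;
        if (requestIdentity == null || !requestIdentity.IsAuthenticated)
        {
            // NOTE(review): this exception is thrown before base.OnAuthorization runs, so
            // nothing in this class turns it into a 401 response. Unless an exception
            // filter elsewhere maps it, confirm which status code the client receives;
            // HandleUnauthorizedRequest(actionContext) is the attribute's own way to
            // answer an unauthorized request.
            throw new UnauthorizedAccessException();
        }

        base.OnAuthorization(actionContext);

        // The custom principal is built from claims, so a non-claims identity cannot be used.
        var claimsIdentity = requestIdentity as System.Security.Claims.ClaimsIdentity;
        if (claimsIdentity == null)
        {
            throw new UnauthorizedAccessException();
        }

        // Only Thread.CurrentPrincipal is replaced here; actionContext.RequestContext.Principal
        // keeps the principal that was attached to the request.
        CustomPrincipal user = new CustomPrincipal(claimsIdentity.Claims);
        System.Threading.Thread.CurrentPrincipal = user;
    }
}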
The following is the start.cs of the .NET Framework web service application, where token validation is set up.
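// Shared HMAC secret. It is a credential: keep it out of logs and error messages.
// The validating side must derive exactly the same bytes as the issuing service
// (same string, same UTF-8 encoding), otherwise signature validation cannot succeed.
var securityKey = ConfigurationManager.AppSettings.Get("SecurityKey");
if (string.IsNullOrWhiteSpace(securityKey))
{
    // Fail at startup with a clear message instead of an opaque ArgumentNullException
    // from GetBytes. The message names the setting only, never its value.
    throw new InvalidOperationException("AppSettings value 'SecurityKey' is missing or empty.");
}

var key = System.Text.Encoding.UTF8.GetBytes(securityKey);
// NOTE(review): the signing algorithm is not visible here; if it is HS256, confirm the
// secret holds at least 256 bits of random data rather than a short passphrase.

// Not referenced by the statements below (validation uses val.SecurityTokens);
// kept because code outside this excerpt may rely on it.
var signingKey = new SymmetricSecurityKey(key);

var audience = ConfigurationManager.AppSettings.Get("Audience");
var issuer = ConfigurationManager.AppSettings.Get("Issuer");
if (string.IsNullOrWhiteSpace(audience) || string.IsNullOrWhiteSpace(issuer))
{
    // With ValidateIssuer / ValidateAudience enabled, a null expected value would make
    // the configuration unusable, so surface the misconfiguration at startup.
    throw new InvalidOperationException("AppSettings values 'Audience' and 'Issuer' must both be set.");
}

// Wraps the issuer name and the raw key bytes; its SecurityTokens are what the
// validation parameters below use to verify the token signature.
var val = new Microsoft.Owin.Security.Jwt.SymmetricKeyIssuerSecurityTokenProvider(issuer, key);

var tokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters()
{
    ValidIssuer = val.Issuer,
    ValidAudience = audience,
    ValidAudiences = new string[] { audience },
    ValidIssuers = new string[] { issuer },
    ValidateIssuerSigningKey = true,
    ValidateIssuer = true,
    ValidateAudience = true,
    IssuerSigningTokens = val.SecurityTokens,
    // No tolerance for clock differences: the issuing and validating hosts need
    // synchronized clocks, or time-based checks will reject otherwise valid tokens.
    // NOTE(review): ValidateLifetime is not set here, so the library default applies — confirm.
    ClockSkew = TimeSpan.Zero
};

app.UseJwtBearerAuthentication(new Microsoft.Owin.Security.Jwt.JwtBearerAuthenticationOptions
{
    TokenValidationParameters = tokenValidationParameters
});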
The following is startup.cs on the .NET Standard side, where the settings are set up.
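/// <summary>
/// Registers JWT bearer authentication using the symmetric key, issuer and audience
/// supplied in <paramref name="tokenSetting"/>.
/// </summary>
/// <param name="services">Service collection that receives the authentication services.</param>
/// <param name="tokenSetting">Secret key, issuer, audience and HTTPS-metadata setting.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="services"/> or <paramref name="tokenSetting"/> is null.
/// </exception>
/// <exception cref="InvalidOperationException">The configured secret key is missing or empty.</exception>
private void AddCustomJwtBearer(IServiceCollection services, TokenSetting tokenSetting)
{
    if (services == null)
    {
        throw new ArgumentNullException(nameof(services));
    }

    if (tokenSetting == null)
    {
        throw new ArgumentNullException(nameof(tokenSetting));
    }

    // The secret is a credential: report that it is missing, never its value.
    var securityKey = tokenSetting.SecretKey;
    if (string.IsNullOrWhiteSpace(securityKey))
    {
        throw new InvalidOperationException("TokenSetting.SecretKey is missing or empty.");
    }

    // Any service that validates tokens signed with this key has to derive the same
    // bytes from the same string using the same encoding.
    var key = Encoding.UTF8.GetBytes(securityKey);
    var signingKey = new SymmetricSecurityKey(key);

    var tokenValidationParameters = new TokenValidationParameters()
    {
        ValidAudiences = new string[]
        {
            tokenSetting.Audience
        },
        ValidIssuers = new string[]
        {
            tokenSetting.Issuer
        },
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = signingKey,
        // No tolerance for clock differences between the hosts that issue and validate tokens.
        // NOTE(review): ValidateIssuer, ValidateAudience and ValidateLifetime are not set
        // here, so the library defaults apply — confirm they are what is intended.
        ClockSkew = TimeSpan.Zero
    };

    services.AddAuthentication(options =>
        {
            options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(options =>
        {
            options.Events = new JwtBearerEvents
            {
                OnAuthenticationFailed = context =>
                {
                    // Indexer assignment instead of Headers.Add, which throws when the
                    // header is already present on the response.
                    // NOTE(review): context.Exception holds the failure reason and is not
                    // recorded here; logging it server-side (not returning it to the
                    // client) would make validation failures diagnosable.
                    context.Response.Headers["x-tokenstatus-header"] = "fail";
                    return Task.CompletedTask;
                }
            };
            options.Audience = tokenSetting.Audience;
            // NOTE(review): taken from configuration; confirm it is true outside development.
            options.RequireHttpsMetadata = tokenSetting.RequireHttpsMetadata;
            options.TokenValidationParameters = tokenValidationParameters;
        });
}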
Could anyone help me, please? I have been stuck here for a while. If you need any more code, please let me know.
What I have tried:
I have tried to make everything the same on both sides.
Even with the code above, the two sides still did not match.