Custom JWT token generator and validation (ISecureDataFormat<AuthenticationTicket>)

  • Question

  • User842257015 posted

    Hi All,

    I used the OWIN middleware to handle the JWT token in my ASP.NET Web API; it works as expected for the built-in flow.

    I just wanna override the OAuthAuthorizationServerOptions functionality like Provider, AccessTokenFormat.

    /// <summary>
    /// OWIN startup class: wires attribute-routed Web API, CORS and the OAuth
    /// authorization server (token endpoint) into the pipeline.
    /// </summary>
    /// <remarks>
    /// Only the token-issuing side is registered here. No bearer-authentication
    /// middleware is registered in this class, so nothing shown here consumes the
    /// tokens on incoming API requests.
    /// </remarks>
    public class Startup
        {
            /// <summary>
            /// Builds the pipeline. Registration order is the order in which the
            /// middleware sees each request.
            /// </summary>
            /// <param name="app">The OWIN application builder.</param>
            public void Configuration(IAppBuilder app)
            {
                HttpConfiguration config = new HttpConfiguration();
                config.MapHttpAttributeRoutes();
                ConfigureOAuth(app);
                // CorsOptions.AllowAll accepts requests from every origin; outside
                // development, restrict the policy to the origins that need the API.
                // NOTE(review): CORS is registered after the OAuth server middleware, so
                // responses from the token endpoint presumably bypass it — confirm.
                app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
                app.UseWebApi(config); 
            }
    
            /// <summary>
            /// Registers the OAuth 2.0 authorization server that issues access tokens
            /// at /oauth/token using the custom provider and the custom JWT format.
            /// </summary>
            /// <param name="app">The OWIN application builder.</param>
            public void ConfigureOAuth(IAppBuilder app)
            {
                OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
                {
                    // Lets token requests arrive over plain HTTP, which exposes the
                    // submitted credentials and the issued token in transit. Keep this
                    // to local development and require HTTPS everywhere else.
                    AllowInsecureHttp = true,
                    TokenEndpointPath=new PathString("/oauth/token"),
                    // Issued tokens are given a 60-minute lifetime.
                    AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(60),
                    Provider = new CustomOAuthProvider(),
                    // The constructor argument is the issuer; the value was masked by the poster.
                    AccessTokenFormat = new CustomJwtFormat("###################")
                };
                // OAuth 2.0 Bearer Access Token Generation
                app.UseOAuthAuthorizationServer(OAuthServerOptions);
            }
        }


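    /// <summary>
    /// Provider plugged into the OAuth authorization server. It decides which
    /// clients may use the token endpoint and which resource-owner credentials
    /// result in an issued token. The validation steps were elided by the poster.
    /// </summary>
    public class CustomOAuthProvider : OAuthAuthorizationServerProvider
    {
        /// <summary>
        /// Validates the client that is calling the token endpoint.
        /// </summary>
        /// <param name="context">Client-authentication context for the current token request.</param>
        /// <returns>A completed task.</returns>
        public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            // Some validation and value setup
            // NOTE(review): as posted, Validated() is reached for every request. The
            // elided validation has to reject clients that fail the check (for example
            // context.SetError(...) or context.Rejected() followed by an early return);
            // otherwise every caller is accepted as a valid client.
            context.Validated();
            return Task.FromResult<object>(null);
        }

        /// <summary>
        /// Handles the resource-owner password grant and validates the ticket that
        /// the configured access-token format then turns into a token.
        /// </summary>
        /// <param name="context">Grant context for the current token request.</param>
        /// <returns>A completed task.</returns>
        public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            // Some validation and value setup
            // `identity` and `props` come from the elided setup above.
            // NOTE(review): the credential check must complete before this point and
            // return early on failure, because Validated(ticket) is what causes a
            // token to be issued for the identity.
            var ticket = new AuthenticationTicket(identity, props);
            context.Validated(ticket);
            return Task.FromResult<object>(null);
        }
    }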
    /// <summary>
    /// Custom access-token format: Protect serialises an authentication ticket to
    /// a JWT string and Unprotect turns a received token string back into a ticket.
    /// Both bodies were elided by the poster.
    /// </summary>
    public class CustomJwtFormat : ISecureDataFormat<AuthenticationTicket>
        {
            // Property key for the audience; not referenced in the code shown here.
            private const string AudiencePropertyKey = "audience";
    
            // Issuer supplied by the caller; its use is inside the elided Protect body.
            private readonly string _issuer = string.Empty;
    
            /// <summary>Creates the format for the given issuer.</summary>
            /// <param name="issuer">Issuer value stored for token creation.</param>
            public CustomJwtFormat(string issuer)
            {
                _issuer = issuer;
            }
    
            /// <summary>Produces the JWT string for a ticket (token construction elided).</summary>
            /// <param name="data">The authentication ticket to serialise.</param>
            /// <returns>The JWT as a string.</returns>
            public string Protect(AuthenticationTicket data)
            {
                // JwtSecurityTokenHandler
                // NOTE(review): `jwt` is built in the elided code; the signing key and
                // algorithm chosen there are what Unprotect has to verify against.
                return jwt;
            }
    
            /// <summary>
            /// Rebuilds an authentication ticket from a received token string.
            /// </summary>
            /// <param name="protectedText">The token string taken from the request.</param>
            /// <returns>A ticket holding the first identity, with empty properties.</returns>
            public AuthenticationTicket Unprotect(string protectedText)
            {
    
               // Decode logic
               // NOTE(review): protectedText is caller-supplied, so the elided step has to
               // validate the token (signature, issuer, audience, lifetime), not merely
               // decode it; a ticket returned from here is treated as an authenticated caller.
               // The ticket is created with empty AuthenticationProperties, so it carries
               // no ExpiresUtc; expiry therefore has to be enforced in the validation step.
               return new AuthenticationTicket(identity.First(), new AuthenticationProperties());
    
            }
        }

    I am able to generate the custom, configurable JWT token in the Protect method, but I am unable to run custom logic in the Unprotect method when an authenticated request is received.

    I am not sure when the Unprotect method is called; that is where I have to add the custom logic. Your comments would be much appreciated.

    Thanks,

    Tuesday, April 2, 2019 12:19 PM

Answers

  • User1520731567 posted

    Hi jayakumarvinayagam,

    Am not sure When the UnProtect method called?

    The Protect method is called when the user actually tries to sign in to the authentication server endpoint.

    The UnProtect method is called when the user tries to access a protected api url via the "[token]" authentication model. 

    For more details, you can refer to this link:

    https://stackoverflow.com/a/54844743

    Best Regards.

    Yuki Tao

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, April 3, 2019 6:45 AM
  • User842257015 posted

    I had missed registering OAuthBearerAuthenticationOptions in Startup; here is the code.

    // Registers the bearer-token middleware. The AccessTokenFormat set here is the
    // ISecureDataFormat the middleware uses to turn an incoming token into a ticket.
    // NOTE(review): _tokenFormat is not defined in this snippet — presumably a
    // CustomJwtFormat configured like the one given to the authorization server; confirm.
    app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
                {
                    AccessTokenFormat = _tokenFormat
                });
    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, April 4, 2019 8:28 AM

All replies

  • User1520731567 posted

    Hi jayakumarvinayagam,

    Am not sure When the UnProtect method called?

    The Protect method is called when the user actually tries to sign in to the authentication server endpoint.

    The UnProtect method is called when the user tries to access a protected api url via the "[token]" authentication model. 

    For more details, you can refer to this link:

    https://stackoverflow.com/a/54844743

    Best Regards.

    Yuki Tao

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, April 3, 2019 6:45 AM
  • User842257015 posted

    I had missed registering OAuthBearerAuthenticationOptions in Startup; here is the code.

    // Registers the bearer-token middleware. The AccessTokenFormat set here is the
    // ISecureDataFormat the middleware uses to turn an incoming token into a ticket.
    // NOTE(review): _tokenFormat is not defined in this snippet — presumably a
    // CustomJwtFormat configured like the one given to the authorization server; confirm.
    app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
                {
                    AccessTokenFormat = _tokenFormat
                });
    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, April 4, 2019 8:28 AM