asp.net - Dotnet core 2.0 authentication multiple schemas identity cookies and jwt


In dotnet core 1.1 asp, I was able to configure and use the Identity middleware followed by the JWT middleware by doing the following:

    app.UseIdentity();
    app.UseJwtBearerAuthentication(new JwtBearerOptions() {});

This has changed in that we implement the middleware with:

    app.UseAuthentication();

Configuration of the settings is done via the ConfigureServices section of Startup.cs.

There are references to the use of authorization schemas in the migration documentation:

https://docs.microsoft.com/en-us/aspnet/core/migration/1x-to-2x/identity-2x#authentication-middleware-and-services

In 2.0 projects, authentication is configured via services. Each authentication scheme is registered in the ConfigureServices method of Startup.cs. The UseIdentity method is replaced with UseAuthentication.

Additionally there is a reference to:

Setting default authentication schemes

In 1.x, the AutomaticAuthenticate and AutomaticChallenge properties were intended to be set on a single authentication scheme. There was no way to enforce this.

In 2.0, these two properties have been removed as flags on the individual AuthenticationOptions instance and have moved into the base AuthenticationOptions class. The properties can be configured in the AddAuthentication method call within the ConfigureServices method of Startup.cs:

Alternatively, use an overloaded version of the AddAuthentication method to set more than one property. In the following overloaded method example, the default scheme is set to CookieAuthenticationDefaults.AuthenticationScheme. The authentication scheme may alternatively be specified within your individual [Authorize] attributes or authorization policies.

Is it still possible in dotnet core 2.0 to use multiple authentication schemas? I cannot get the policy to respect the JWT configuration ("Bearer" schema), and Identity is working at present with both configured. I can't find any samples of multiple authentication schemas.

Edit:

I've reread the documentation, and understand that the:

    app.UseAuthentication()

adds automatic authentication against a default schema. Identity configures the default schemas for you.

I have gotten around the issue with what seems like a hack working against the new APIs by doing the following in Startup.cs Configure:

    app.UseAuthentication();
    app.Use(async (context, next) =>
    {
        // Fall back to the JWT bearer scheme when the default scheme
        // did not authenticate the request.
        if (!context.User.Identity.IsAuthenticated)
        {
            var result = await context.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
            if (result?.Principal != null)
            {
                context.User = result.Principal;
            }
        }

        await next.Invoke();
    });

Is this the correct way to do this, or should I be utilising the framework, DI and interfaces for custom implementations of IAuthenticationSchemeProvider?

Edit - Further details of the implementation and where to find it.

The JWT config can be found here, and I am using policies to define the authorization, which include the accepted auth schemas:

https://github.com/arragro/arragrocms/blob/master/src/arragrocms.management/startup.cs

The custom middleware is still implemented. The auth controller is here:

https://github.com/arragro/arragrocms/blob/master/src/arragrocms.web.management/apicontrollers/authcontroller.cs

It uses API keys generated by the app to get read access to the data. You can find the implementation of a controller utilising the policy here:

https://github.com/arragro/arragrocms/blob/master/src/arragrocms.web.management/apicontrollers/sitemapcontroller.cs

Change the DB connection string to point to your SQL Server, and run the application. It migrates the DB automatically and configures an admin user (support@arragro.com - arragropassword1!). Then go to the Settings tab in the menu bar and click "Configure JWT ReadOnly API Key Settings" to get a key. In Postman, get a JWT token by configuring a new tab and setting it to POST with the following address:

http://localhost:5000/api/auth/readonly-token

Supply the headers: Content-Type: application/json

Supply the body:

    {
        "apikey": "the api token from the previous step"
    }

Copy the token in the response, and then use the following in Postman:

http://localhost:5000/api/sitemap/flat

    Authorization: "bearer - the token received in the previous request"

It will work initially because of the custom middleware. Comment out the code mentioned above and try again, and you should receive a 401.

Edit - @donnytian's answer below covers the solution in the comments. The problem I was having was setting a default policy on UseMvc, but not supplying the schemas:

    services.AddMvc(config =>
    {
        // The default policy lists both schemes, so either a bearer token
        // or the Identity cookie can authenticate the request.
        var defaultPolicy = new AuthorizationPolicyBuilder(new[] { JwtBearerDefaults.AuthenticationScheme, IdentityConstants.ApplicationScheme })
                         .RequireAuthenticatedUser()
                         .Build();
        config.Filters.Add(new AuthorizeFilter(defaultPolicy));
        config.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());
        config.Filters.Add(new ValidateModelAttribute());
    });

Following the advice, this works without the custom middleware.

ASP.NET Core 2.0 supports multiple authentication schemes. Rather than hacking with the authenticate middleware, you can try to specify the schema in the Authorize attribute:

    [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]

I gave it a try and it worked fine. Assuming you have added both Identity and JWT as below:

    services.AddIdentity<ApplicationUser, ApplicationRole>()
    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)

Since AddIdentity() sets cookie authentication as the default schema, we have to specify the schema in the Authorize attribute of controllers. For now, I have no idea how to overwrite the default schema set by AddIdentity(), or maybe we'd better not do that.

A workaround is to compose a new class (you can call it JwtAuthorize) that derives from Authorize and has Bearer as the default schema, so you don't have to specify it every time.

UPDATE

Found the way to override the Identity default authentication scheme!

Instead of the below line:

    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)

Use the below overload to set the default schema:

    services.AddAuthentication(option =>
                    {
                        option.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                    })
                    .AddJwtBearer(options =>....
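The JwtAuthorize workaround described in the answer, together with a JWT registration that leaves Identity's cookie default in place, as an added example that is not part of the original post. The names JwtAuthorizeAttribute, AuthSetup, AddJwtAlongsideIdentity and ReportsController, and the issuer, audience and signingKey parameters, are assumptions made for illustration.

```csharp
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

// Hypothetical attribute: [JwtAuthorize] means "bearer token only", so the
// Identity cookie is not used to authenticate requests to these endpoints.
public class JwtAuthorizeAttribute : AuthorizeAttribute
{
    public JwtAuthorizeAttribute()
    {
        AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme;
    }
}

public static class AuthSetup
{
    // Call from Startup.ConfigureServices alongside services.AddIdentity<...>().
    // issuer, audience and signingKey are assumed to come from configuration.
    public static void AddJwtAlongsideIdentity(
        this IServiceCollection services, string issuer, string audience, string signingKey)
    {
        // No default scheme is passed, so the cookie default registered by
        // AddIdentity stays in place for the rest of the application.
        services.AddAuthentication()
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidIssuer = issuer,
                    ValidateAudience = true,
                    ValidAudience = audience,
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingKey))
                };
            });
    }
}

// Constructed controller showing the attribute in use.
[Route("api/[controller]")]
[JwtAuthorize]
public class ReportsController : Controller
{
    [HttpGet]
    public IActionResult Get() => Ok(User.Identity.Name);
}
```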
