Aloji.JwtSecurity
1.0.1
dotnet add package Aloji.JwtSecurity --version 1.0.1
NuGet\Install-Package Aloji.JwtSecurity -Version 1.0.1
<PackageReference Include="Aloji.JwtSecurity" Version="1.0.1" />
paket add Aloji.JwtSecurity --version 1.0.1
#r "nuget: Aloji.JwtSecurity, 1.0.1"
// Install Aloji.JwtSecurity as a Cake Addin
#addin nuget:?package=Aloji.JwtSecurity&version=1.0.1
// Install Aloji.JwtSecurity as a Cake Tool
#tool nuget:?package=Aloji.JwtSecurity&version=1.0.1
JwtSecurity
The object is to allow using a token generated in an OWIN OAuth 2.0 Server in AspNet.Core projects.
Nugets: https://www.nuget.org/profiles/aloji
Real life problem
We have the authorization server implemented with OWIN OAuth 2.0, but the new developments are with AspNetCore
The first idea was to use the machine keys
MachineKey
If the authorization server and the resource server are not on the same computer, the OAuth middleware will use the different machine keys to encrypt and decrypt bearer access token. In order to share the same private key between both projects, we add the same machinekey setting in both web.config files.
The problem is that machinekey does not exist in AspNetCore, but MS gives us a compatibility solution to replace the machinekey settings in AspNetWebApi2 and using a key storge provider like redis we can be shared the keys.
After several hours trying to implement this solution, I realized that it was easier, cleaner and cheaper to change the token generator to use JWT and dont use any external provider.
Configuration
How to setup the JwtSecurity in OWIN OAuth 2.0 Server (full sample code)
public class Startup
{
public void Configuration(IAppBuilder appBuilder)
{
appBuilder.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
{
AccessTokenFormat = new JwtSecureDataFormat(
new JwtSecurityOptions
{
Issuer = "yourIssuerCode",
IssuerSigningKey = "yourIssuerSigningKeyCode"
})
});
}
}
How to setup the JwtSecurity in Resource Server .NetFramework (full sample code)
public class Startup
{
public void Configuration(IAppBuilder appBuilder)
{
appBuilder.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
{
AccessTokenFormat = new JwtSecureDataFormat(
new JwtSecurityOptions
{
Issuer = "yourIssuerCode",
IssuerSigningKey = "yourIssuerSigningKeyCode"
})
});
}
}
How to setup the JwtSecurity in Resource Server .NetFramework with Owin Auth Compatibility
public class Startup
{
public void Configuration(IAppBuilder appBuilder)
{
appBuilder.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
{
AccessTokenFormat = new MachineKeyCompatibilityDataFormat(
new JwtSecurityOptions
{
Issuer = "yourIssuerCode",
IssuerSigningKey = "yourIssuerSigningKeyCode"
})
});
}
}
How to setup the JwtSecurity in Resource Server .NetCore (full sample code)
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services
.AddJwtBearerAuthentication(options =>
{
options.Issuer = "yourIssuerCode";
options.IssuerSigningKey = "yourIssuerSigningKeyCode";
});
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseAuthentication();
}
}
Bonus:
I developed a middleware to create a JwtServer with AspNetCore very similar to OwinOAuth2 settings
How to setup the JwtServer in AspNetCore (full sample code)
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddJwtServer();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseJwtServer(options => {
options.TokenEndpointPath = "/token";
options.AccessTokenExpireTimeSpan = new TimeSpan(1, 0, 0);
options.Issuer = "yourIssuerCode";
options.IssuerSigningKey = "yourIssuerSigningKeyCode";
options.AuthorizationServerProvider = new AuthorizationServerProvider
{
OnGrantResourceOwnerCredentialsAsync = async (context) =>
{
if (context.UserName != context.Password)
{
context.SetError("Invalid user authentication");
return;
}
var claims = new List<Claim>
{
new Claim(ClaimTypes.Surname, context.UserName)
};
context.Validated(claims);
await Task.FromResult(0);
}
};
});
}
}
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
.NET Core | netcoreapp2.0 was computed. netcoreapp2.1 was computed. netcoreapp2.2 was computed. netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
.NET Standard | netstandard2.0 is compatible. netstandard2.1 was computed. |
.NET Framework | net451 is compatible. net452 was computed. net46 was computed. net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 was computed. net481 was computed. |
MonoAndroid | monoandroid was computed. |
MonoMac | monomac was computed. |
MonoTouch | monotouch was computed. |
Tizen | tizen40 was computed. tizen60 was computed. |
Xamarin.iOS | xamarinios was computed. |
Xamarin.Mac | xamarinmac was computed. |
Xamarin.TVOS | xamarintvos was computed. |
Xamarin.WatchOS | xamarinwatchos was computed. |
-
.NETFramework 4.5.1
- System.IdentityModel.Tokens.Jwt (>= 5.2.4)
-
.NETStandard 2.0
- System.IdentityModel.Tokens.Jwt (>= 5.2.4)
NuGet packages (2)
Showing the top 2 NuGet packages that depend on Aloji.JwtSecurity:
Package | Downloads |
---|---|
Aloji.AspNetCore.JwtSecurity
Package Description |
|
Aloji.Owin.JwtSecurity
JwtServer Owin |
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
1.0.1 | 13,030 | 8/28/2018 |