Home > Software engineering >  How to use [Authorize] to authenticate token returned by API?
How to use [Authorize] to authenticate token returned by API?

Time:05-04

guys!

Currently, I get a Bearer Token from an API. What I want to do is:

  • Get token from external API
  • Use .NET [Authorize] in controller
  • Compare token returned from API with token informed in Authorization Header of request
  • If they are equal, authorize the request
  • If they are not equal, return 401

What's the best way of doing this?

CodePudding user response:

After using [Authorize]attribute in your controller class; 3rd, 4th and 5th steps automatically performed by .NET built-in functions.

CodePudding user response:

As far as I know, the asp.net core provide the build-in authentication schema to authenticate the JWT bear token.

You could put the right settings inside the registered service with the right secret and issuer settings, then your application will check the token and set the claims into your application to achieve the authentication.

More details about how it works, you could refer to this article.

CodePudding user response:

If JTW is the only way you are authenticating endpoints, it should be as "simple" as;

services.AddAuthentication(options => {
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options => {
    options.SaveToken = true;
    options.RequireHttpsMetadata = true;
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidIssuer = "..TODO..",
        ValidateAudience = true,
        ValidAudience = "..TODO..",
        IssuerSigningKey = new SymmetricSecurityKey(..TODO..);
    };
});
  • Related