How to use [Authorize] to authenticate token returned by API?-CodePudding

guys!

Currently, I get a Bearer Token from an API. What I want to do is:

Get token from external API
Use .NET [Authorize] in controller
Compare token returned from API with token informed in Authorization Header of request
If they are equal, authorize the request
If they are not equal, return 401

What's the best way of doing this?

CodePudding user response：

After using [Authorize]attribute in your controller class; 3rd, 4th and 5th steps automatically performed by .NET built-in functions.

CodePudding user response：

As far as I know, the asp.net core provide the build-in authentication schema to authenticate the JWT bear token.

You could put the right settings inside the registered service with the right secret and issuer settings, then your application will check the token and set the claims into your application to achieve the authentication.

More details about how it works, you could refer to this article.

CodePudding user response：

If JTW is the only way you are authenticating endpoints, it should be as "simple" as;

services.AddAuthentication(options => {
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options => {
    options.SaveToken = true;
    options.RequireHttpsMetadata = true;
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidIssuer = "..TODO..",
        ValidateAudience = true,
        ValidAudience = "..TODO..",
        IssuerSigningKey = new SymmetricSecurityKey(..TODO..);
    };
});