Authentication in dot net core preview-2.0

Asked 26/6, 2017 at 5:42 Answered 14/9, 2017 at 7:21

Solved .net-core asp.net-core-webapi .net-core-rc2

I tried jwt token authentication in my web api project in .net-core preview-2, but it's not working properly.

JwtBearerAppBuilderExtensions.UseJwtBearerAuthentication(IA‌pplicationBuilder, JwtBearerOptions)' is obsolete: 'See go.microsoft.com/fwlink/?linkid=845470';

When i try same code to dot net core 1.2, it runs properly. What should i do?

Nicoline answered 26/6, 2017 at 5:42 Comment(2)

You should always include any error messages you get as text, that way search can find them, and people don't have to zoom into your picture. – Coolie 26/6, 2017 at 6:28

the error said: 'JwtBearerAppBuilderExtensions.UseJwtBearerAuthentication(IApplicationBuilder, JwtBearerOptions)' is obsolete: 'See go.microsoft.com/fwlink/?linkid=845470' – Nicoline 26/6, 2017 at 6:31

i think you should use:

 var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration.GetSection("TokenAuthentication:SecretKey").Value));


        var tokenValidationParameters = new TokenValidationParameters
        {
            // The signing key must match!
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = signingKey,
            // Validate the JWT Issuer (iss) claim
            ValidateIssuer = true,
            ValidIssuer = Configuration.GetSection("TokenAuthentication:Issuer").Value,
            // Validate the JWT Audience (aud) claim
            ValidateAudience = true,
            ValidAudience = Configuration.GetSection("TokenAuthentication:Audience").Value,
            // Validate the token expiry
            ValidateLifetime = true,
            // If you want to allow a certain amount of clock drift, set that here:
            ClockSkew = TimeSpan.Zero
        };
        services.AddJwtBearerAuthentication(options =>
        {
            options.TokenValidationParameters = tokenValidationParameters;
        });
        services.AddAuthorization(options =>
        {
            options.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme).RequireAuthenticatedUser().Build();
        });
        services.AddCors(options =>
        {
            options.AddPolicy("CorsPolicy",
                builder => builder.AllowAnyOrigin()
                .AllowAnyMethod()
                .AllowAnyHeader()
                .AllowCredentials());
        });

Eckel answered 10/8, 2017 at 4:43 Comment(2)

This solution doesn't work for me. IServiceCollection doesn't contain the definition for AddJwtBearerAuthentication . Can you please let me know how can I resolve this. I, am using .net core 2.0 – Odontoblast 9/9, 2017 at 9:14

please install nuget package Microsoft.AspNetCore.Authentication.JwtBearer then you can add AddJwtBearerAuthentication. – Nicoline 12/9, 2017 at 4:45

In the released version it can be used like the following:

var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration.GetSection("TokenAuthentication:SecretKey").Value));

var tokenValidationParameters = new TokenValidationParameters
{
    // The signing key must match!
    ValidateIssuerSigningKey = true,
    IssuerSigningKey = signingKey,
    // Validate the JWT Issuer (iss) claim
    ValidateIssuer = true,
    ValidIssuer = Configuration.GetSection("TokenAuthentication:Issuer").Value,
    // Validate the JWT Audience (aud) claim
    ValidateAudience = true,
    ValidAudience = Configuration.GetSection("TokenAuthentication:Audience").Value,
    // Validate the token expiry
    ValidateLifetime = true,
    // If you want to allow a certain amount of clock drift, set that here:
    ClockSkew = TimeSpan.Zero
};

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options => {
        jwtOptions.TokenValidationParameters = tokenValidationParameters;
});

services.AddAuthorization(options =>
{
    options.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme).RequireAuthenticatedUser().Build();
});
services.AddCors(options =>
{
    options.AddPolicy("CorsPolicy",
        builder => builder.AllowAnyOrigin()
        .AllowAnyMethod()
        .AllowAnyHeader()
        .AllowCredentials());
});

Source: https://learn.microsoft.com/en-us/aspnet/core/migration/1x-to-2x/identity-2x (See JWT Bearer Authentication)

Sidestroke answered 14/9, 2017 at 7:21 Comment(0)

The configuration with options moved to the IServiceCollection. The IApplicationBuilder should just be told to UseAuthentication.

app.UseAuthentication();

In the ConfigureServices for IServiceCollection, you can configure it with your options.

services.AddJwtBearerAuthentication( o => 
        {
            o.Audience = "someaudience";
            o.Authority = "someAuthoriy";
        });

Bloodfin answered 26/6, 2017 at 6:12 Comment(2)

i tried your solution, but it shows me this error: cannot convert from 'Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions' to 'System.Action<Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerOptions>' – Nicoline 26/6, 2017 at 6:26

It needs a function. Can you try services.AddJwtBearerAuthentication(o => { o.Audience = ..., o.Authority = ... } Not sure of the options are all the same in .Net Core 2, with CookieAuthentication they changed those too. – Bloodfin 26/6, 2017 at 6:32

Recommended topics

Hot tags