Menu
I have a use case where I want my new application (which is the source of authentication) to provide a JWT to legacy applications.
I am attempting to use the package, System.IdentityModel.Tokens.Jwt 5.0.0-beta7 (and I could easily move to beta8 if necessary). Creating the token was simple, but I am having issues properly signing it. Here is my current code:
Claim[] claims = {
new Claim(ClaimTypes.Email, "[email protected]"),
new Claim(ClaimTypes.Role, "admin"),
new Claim(ClaimTypes.Uri, ""),
new Claim(ClaimTypes.Expiration, DateTime.UtcNow.Add(TimeSpan.FromDays(1)).ToString()),
new Claim("personId", personId.ToString())
};
var key = Convert.FromBase64String("my super secret key goes here");
var signingCredentials = new SigningCredentials(
new SymmetricSecurityKey(key),
SecurityAlgorithms.HMAC_SHA256,
SecurityAlgorithms.Sha256Digest
);
var jwt = new JwtSecurityToken("localhost", "all", claims,
DateTime.UtcNow, DateTime.UtcNow.AddDays(1), signingCredentials);
var handler = new JwtSecurityTokenHandler();
handler.WriteToken(jwt);
return Content($"{handler.WriteToken(jwt)}");
If I do not sign the token, everything works correctly. However, as soon as I add signing credentials, I receive an error that HMAC is not supported. I did find another SO post that says support for symmetric keys does not yet exist. However, in my search, I see extensive use of the library. In particular, I see the use of InMemorySymmetricSecurityKey. However, when I try to use it myself, it can't be found in any namespace, so I am a bit confused as where I go from here.
This is a long-winded explanation to basically ask - how do I properly sign the JWT with a simple secret?
669
ASP.NET Core 3.1 - Create and Validate JWT Tokens + Use Custom JWT Middleware 1 Installing the JWT Token Library via NuGet. ... 2 Creating a JWT Token in ASP.NET Core. ... 3 Validating a JWT Token in ASP.NET Core. ... 4 Validating Tokens in Custom JWT Middleware. ... 5 Checking Token Validated with Custom Authorize Attribute. ...
The code samples use the jwt token handler and a few related classes to create and validate JWT tokens, no other parts of the ASP.NET Core Identity system are used. .NET Core CLI: dotnet add package System.IdentityModel.Tokens.Jwt
To configure the JWT (JSON web tokens) we must have the Nuget package installed inside the project, so let's first add the project dependencies. Inside the Visual Studio - Click on Tools -> Nuget Package Manager -> Manage Nuget packages for solution. Install-Package Microsoft.AspNetCore.Authentication.JwtBearer -Version 5.0.7
Let us test the Get API. JWT is very famous in web development. It is an open standard that allows transmitting data between parties as a JSON object in a secure and compact way. In this article, we learned how to create and Validate JWT with ASP.NET core application.
When we moved to the new versions of CoreClr, we had to temporarily drop support for HMAC. We choose to add support for ECDSA in RC1 and plan on adding HMAC back in RC2.
Sorry for the hassle. You could add your own SignatureProvider OR wait a couple of weeks.
188
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
