Menu
I have built an application which uses JWT bearer authentication in ASP.NET Core. When authenticating I define some custom claims which i need to read in another WebAPI controller in order to execute some actions.
Any ideas How Can I achieve this?
This how my code looks like:(Code has been simplified)
public async Task<IActionResult> AuthenticateAsync([FromBody] UserModel user) { .............. var tokenHandler = new JwtSecurityTokenHandler(); var key = Encoding.ASCII.GetBytes(_appSettings.Secret); var tokenDescriptor = new SecurityTokenDescriptor { Subject = new ClaimsIdentity(new Claim[] { new Claim("userSecurityKey", userDeserialized.SecurityKey.ToString()), new Claim("timeStamp",timeStamp), new Claim("verificationKey",userDeserialized.VerificationKey.ToString()) }), Expires = DateTime.UtcNow.AddDays(7), SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature) }; var token = tokenHandler.CreateToken(tokenDescriptor); var tokenString = tokenHandler.WriteToken(token); ................. } Another controller: (It Needs to read "verificationKey" claim.)
[HttpGet] [Route("getcandidate")] public async Task<IActionResult> GetCandidateAsync() { try { ............ var verificationKey = //TODO: GET VerificationKey FROM THE TOKEN var verificationRecord = await service.GetVerificationRecordAsync(verificationKey); ................. } catch (Exception) { return NotFound(); } } 
946
Get the JWT tokenAdd an instance variable of the RESTClient object. On the Open event of your window, create the object variable and Set the Request Header. On the source code window of your Send Request button, add the RESTClient. GetJWTToken() function to call the Web API to get a token.
In a JWT, a claim appears as a name/value pair where the name is always a string and the value can be any JSON value. Generally, when we talk about a claim in the context of a JWT, we are referring to the name (or key). For example, the following JSON object contains three claims ( sub , name , admin ):
JWT claims Claims constitute the payload part of a JSON web token and represent a set of information exchanged between two parties. The JWT standard distinguishes between reserved claims, public claims, and private claims. In API Gateway context, both public claims and private claims are considered custom claims.
You should be able to retrieve a claims like this within your controller
var identity = HttpContext.User.Identity as ClaimsIdentity; if (identity != null) { IEnumerable<Claim> claims = identity.Claims; // or identity.FindFirst("ClaimName").Value; } If you wanted, you could write extension methods for the IPrincipal interface and retrieve claims using the code above, then retrieve them using (for example)
HttpContext.User.Identity.MethodName(); For completeness of the answer. To Decode the JWT token let's write a method to validate the token and extract the information.
public static ClaimsPrincipal ValidateToken(string jwtToken) { IdentityModelEventSource.ShowPII = true; SecurityToken validatedToken; TokenValidationParameters validationParameters = new TokenValidationParameters(); validationParameters.ValidateLifetime = true; validationParameters.ValidAudience = _audience.ToLower(); validationParameters.ValidIssuer = _issuer.ToLower(); validationParameters.IssuerSigningKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(Encoding.UTF8.GetBytes(_appSettings.Secret)); ClaimsPrincipal principal = new JwtSecurityTokenHandler().ValidateToken(jwtToken, validationParameters, out validatedToken); return principal; } Now we can validate and extract the Claims by using:
ValidateToken(tokenString)?.FindFirst("ClaimName")?.Value
You should note that the ValidateToken method will return null value if the validation fails.
177
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
