Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Namespaces for .NET JWT token validation: System vs. Microsoft

Tags:

I am trying to use JWT to authenticate a Node application to an ASP.NET Web API.

In ASP.NET, I am using .NET 4.5.1 and nuget package System.IdentityModel.Tokens.Jwt 5.0.0

What I don't understand is, why the namespaces are mixed between Microsoft and System.

For example:

var tokenReader = new JwtSecurityTokenHandler();  tokenReader.ValidateToken(token,                  new TokenValidationParameters()             {                 ValidateAudience = false             },                 out validatedToken);

The main JwtSecurityTokenHandler is in the System.IdentityModel.Tokens.Jwt namespace, but the TokenValidationParameters class and its dependencies are in the Microsoft.IdentityModel.Tokens namespace, and possibly collide with similar classes in the System.IdentityModel.Tokens namespace.

Is this by design or is this a possible sign of a version mismatch somewhere else?

like image 453
wrschneider Avatar asked Jul 22 '16 12:07

wrschneider

People also ask

How do I get JWT token in Visual Studio?

Setup the .Net 5.0 Web API Project. Generate JWT Token. Validate JWT Token using Custom Middleware and Custom Authorize Attribute. Testing the Endpoint (API) with Swagger. Open Visual Studio and select "Create a new project" and click the "Next" button.

What is JWT and how to validate JWT with ASP NET Core?

JWT is very famous in web development. It is an open standard that allows transmitting data between parties as a JSON object in a secure and compact way. In this article, we learned how to create and Validate JWT with ASP.NET core application. Thank you for reading, please let me know your questions, thoughts, or feedback in the comments section.

What is the default value of tokenvalidationparameters in JWE?

In the case of a JWE, this property will ONLY apply to the inner token header. The default is null. Returns a new instance of TokenValidationParameters with values copied from this object.

What parts of the JWT system are used in the code samples?

The code samples use the JWT token handler and a few related classes to create and validate JWT tokens, but no other parts of the .NET Identity system are used.

1 Answers

If you take a look at the dependency for

nuget System.IdentityModel.Tokens.Jwt 4.0.2

vs

nuget System.IdentityModel.Tokens.Jwt 5.0

you'll see that 5.0 has a dependency on

Dependencies

.NETFramework 4.5.1

Microsoft.IdentityModel.Tokens (>=5.0.0)

that 4.0 didn't have. In fact, no previous version did.

Microsoft is re-architect-ing their frameworks to be more light weight. In a framework the size of ASP.NET, you will have many functional redundancies.

To make WIF lighter, while remaining backwards compatible, the decision was made to remove the redundant functionality from libraries like System.IdentityModel.Tokens.Jwt no longer depend on System.IdentityModel.Tokens, but instead on Microsoft.IdentityModel.Tokens. One of the unfortunate results is that both layers expose the same methods.

like image 99
Dave Alperovich Avatar answered Nov 09 '22 10:11

Dave Alperovich
Sign in to Comment

Related questions

Is there a way to style Picker component for React Native and make its height smaller?
Should my Django site's main page be an app?
Is a CSS pixel really an absolute unit? That is, is 1 inch = 96px true?
Fetch with ReadableStream as Request Body
spring-data-rest integration test fails with simple json request
Merge child process stdout and stderr
Mixing C++11 atomics and OpenMP
How does the Javadoc deal with the visibility of modules in Java 9?
How to test if function was called with defined parameters ( toHaveBeenCalledWith ) with Jest
How to get column-level dependencies in a view
Angular 4 app using IE 11, "Can't execute code from a freed script"
Does Room support entity inheritance?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!