I have Authorization server which built on .NET 4.5.1 and use Microsoft.Owin.Security.OAuth Version=3.0.0 http://prntscr.com/hvwhl4 Tokens protected via machinkey (OAuthAuthorizationServerOptions.AccessTokenFormat is default). I also have many application-consumers(resource servers) on .NET 4.5.1 which validate these tokens http://prntscr.com/hvwwdu http://prntscr.com/hvwiwr. All these applications have the same machinkey in web.config
Now I try to build .net core 2.0 application and I need to use the same tokens from my Auth server(.net 4.5.1 owin 3.0.0). How can I validate and read claims from Microsoft.Owin.Security.OAuth(3.0.0) tokens in .net core 2.0?
One note: I can't change my Auth server and define DataProtector in Auth server. So I need to find a way how to "decode" OWIN tokens in .net core using existing machine key.
UPDATE: So I've opened issue on github https://github.com/aspnet/Security/issues/1592
Now It is closed and the answer was: "Closing because there are no plans to support this. You can use a 3rd party token server such as Identity Server to issue tokens that work with both systems. Or, you can write custom code for ASP.NET Core to handle the OWIN/Katana-style tokens."
I find a kind of solution. I use Autofac.Integration.Owin package and OAuthAuthorizationServerMiddleware in my Auth server to define in run time from which resource server I got the request and then define in which format I need to return token.
Please find below a piece of code from Autofac config in Auth server:
OWIN allows web apps to be decoupled from web servers. It defines a standard way for middleware to be used in a pipeline to handle requests and associated responses. ASP.NET Core applications and middleware can interoperate with OWIN-based applications, servers, and middleware.
I implemented a workaround with this package Owin.Token.AspNetCore.
var ticket = LegacyOAuthSecurityTokenHelper.GetTicket(token, new LegacyTokenAuthenticationOptions
{
DecryptionKey = "machineKey-DecryptionKey",
ValidationKey = "machineKey-ValidationKey",
EncryptionMethod = EncryptionMethod.AES, // Default AES
ValidationMethod = ValidationMethod.HMACSHA256 // Default HMACSHA256
}));
// Authenticate your user with ticket.Identity.Claims!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With