Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Share default OWIN tokens in .Net core

Tags:

asp.net-core

.net-core

token

owin

machinekey

I have Authorization server which built on .NET 4.5.1 and use Microsoft.Owin.Security.OAuth Version=3.0.0 http://prntscr.com/hvwhl4 Tokens protected via machinkey (OAuthAuthorizationServerOptions.AccessTokenFormat is default). I also have many application-consumers(resource servers) on .NET 4.5.1 which validate these tokens http://prntscr.com/hvwwdu http://prntscr.com/hvwiwr. All these applications have the same machinkey in web.config

Now I try to build .net core 2.0 application and I need to use the same tokens from my Auth server(.net 4.5.1 owin 3.0.0). How can I validate and read claims from Microsoft.Owin.Security.OAuth(3.0.0) tokens in .net core 2.0?

One note: I can't change my Auth server and define DataProtector in Auth server. So I need to find a way how to "decode" OWIN tokens in .net core using existing machine key.

UPDATE: So I've opened issue on github https://github.com/aspnet/Security/issues/1592

Now It is closed and the answer was: "Closing because there are no plans to support this. You can use a 3rd party token server such as Identity Server to issue tokens that work with both systems. Or, you can write custom code for ASP.NET Core to handle the OWIN/Katana-style tokens."

I find a kind of solution. I use Autofac.Integration.Owin package and OAuthAuthorizationServerMiddleware in my Auth server to define in run time from which resource server I got the request and then define in which format I need to return token.

Please find below a piece of code from Autofac config in Auth server: enter image description here

like image 668
Alex Gorbel Avatar asked Jan 08 '18 15:01

Alex Gorbel

People also ask

What is OWIN in .NET core?

OWIN allows web apps to be decoupled from web servers. It defines a standard way for middleware to be used in a pipeline to handle requests and associated responses. ASP.NET Core applications and middleware can interoperate with OWIN-based applications, servers, and middleware.

1 Answers

I implemented a workaround with this package Owin.Token.AspNetCore.

var ticket = LegacyOAuthSecurityTokenHelper.GetTicket(token, new LegacyTokenAuthenticationOptions
    {
        DecryptionKey = "machineKey-DecryptionKey",
        ValidationKey = "machineKey-ValidationKey",
        EncryptionMethod = EncryptionMethod.AES, // Default AES
        ValidationMethod = ValidationMethod.HMACSHA256 // Default HMACSHA256
    }));

// Authenticate your user with ticket.Identity.Claims!
like image 185
turgayozgur Avatar answered Sep 29 '22 15:09

turgayozgur
Sign in to Comment

Related questions

IIS Express + HttpPlatformHandler crash when launching ASP.NET 5 RC1 application
Get XML comments output file location for ASP Core
How to get TLS/SSL related information in ASP.NET Core?
Re-challenge authenticated users in ASP.NET Core
Url.Action with protocol is returning a link without domain
Unit test an internal class in ASP.NET Core
Asp.Net Core validation without jQuery
System.MissingMethodException in Program.cs
ASP.NET Core with separate databases
Publish ASP.NET Core to IIS with GITLAB CI/CD
OData and Cosmos DB
Why is .NET OData Serializer so slow
Certificate Authentication Implementation in ASP.NET Core 3.1
Serialize Json object with "multi-type" property
vNext on Apache webserver
ASP.NET 5 HTML5 History
Prevent Visual Studio from nesting Typescript files
How to setup a fallback resource file for Views
Allow the end-user to switch the Entity Framework provider at runtime
Use body stream parameter in WebApi controller's action

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!