
What is considered "best practice" for user authentication/authorization for WPF and WCF applications?

Say I have a .NET rich client (WPF) application that will be deployed in 3 different scenarios simultaneously:

  1. client & server code runs in a single process
  2. client code runs on an intranet computer and communicates via WCF to a server machine where the app/domain/infrastructure code runs
  3. same as #2 but the client can run on a machine outside of the firewall. A custom list of users & roles shall be centrally maintained (i.e., credentials aren't based on Windows login)

What is a simple, proven practice for implementing the same user authorization/authentication model for this application? I.e., I want to use the same approach in my presentation layer, application layer, domain layer, etc, regardless of how the application is deployed.

Should users/roles be explicitly maintained in my SQL database via my existing Entity Framework model? Should Thread.CurrentPrincipal be the approach used by code that needs to authorize certain app features, or should some IUserService be dependency-injected?

This is a low-profile application so security is not of critical importance -- just something basic.

Thanks

Edit

After spending hours researching WIF / claims-based authentication, I still don't see any guidance on how to create a stand-alone .NET desktop application that employs this type of security. All discussions are geared to either ASP.NET or WCF. I need my application to use a standard approach that can be used in both distributed (WCF) and stand-alone deployment scenarios.

BCA asked Jul 08 '15 20:07
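One way to realise the model the question asks for, as an added example that is not part of the question or the answer: whatever authenticates the user (here a local password check against the application's own user table, i.e. the single-process scenario) produces a ClaimsPrincipal, that principal is published through Thread.CurrentPrincipal, and every layer authorises through one small check that reads a pluggable principal source. The names UserRecord, PasswordHasher, Authorization, the role names and the sample users are assumptions for the example; the in-memory store stands in for the Entity Framework table the question mentions.

```csharp
// Added example, not code from the question or the answer. Hypothetical names throughout.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Threading;

// What the app's own user table holds: a PBKDF2 hash, its salt and iteration count, and the
// user's roles. Never the password itself.
public sealed class UserRecord
{
    public string UserName;
    public byte[] Salt;
    public byte[] PasswordHash;
    public int Iterations;
    public string[] Roles;
}

public static class PasswordHasher
{
    const int SaltSize = 16, HashSize = 32, DefaultIterations = 100000;

    public static UserRecord Create(string userName, string password, params string[] roles)
    {
        var salt = new byte[SaltSize];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        return new UserRecord
        {
            UserName = userName, Salt = salt, Iterations = DefaultIterations,
            PasswordHash = Derive(password, salt, DefaultIterations), Roles = roles
        };
    }

    public static bool Verify(UserRecord user, string password)
    {
        var candidate = Derive(password, user.Salt, user.Iterations);
        // Fixed-time comparison: always walks the whole hash instead of stopping at the first mismatch.
        int diff = candidate.Length ^ user.PasswordHash.Length;
        for (int i = 0; i < candidate.Length && i < user.PasswordHash.Length; i++)
            diff |= candidate[i] ^ user.PasswordHash[i];
        return diff == 0;
    }

    static byte[] Derive(string password, byte[] salt, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations))
            return kdf.GetBytes(HashSize);
    }
}

// The one authorization entry point the presentation, application and domain layers call.
// The principal source defaults to Thread.CurrentPrincipal; a DI container or a unit test can
// swap in another IPrincipal provider, so the check itself does not care which deployment it is in.
public static class Authorization
{
    public static Func<IPrincipal> PrincipalSource = () => Thread.CurrentPrincipal;

    // Called by whatever authenticated the user (local password check here, token validation on
    // the WCF server in the distributed case); afterwards every layer sees the same principal.
    public static ClaimsPrincipal Establish(string userName, IEnumerable<string> roles, string authType)
    {
        var claims = new List<Claim> { new Claim(ClaimTypes.Name, userName) };
        claims.AddRange(roles.Select(r => new Claim(ClaimTypes.Role, r)));
        var principal = new ClaimsPrincipal(new ClaimsIdentity(claims, authType));
        Thread.CurrentPrincipal = principal;
        return principal;
    }

    public static void Demand(string role)
    {
        var p = PrincipalSource();
        if (p == null || p.Identity == null || !p.Identity.IsAuthenticated || !p.IsInRole(role))
            throw new SecurityException("Operation requires role '" + role + "'");
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample users standing in for the Entity Framework user table.
        var store = new Dictionary<string, UserRecord>
        {
            ["alice"] = PasswordHasher.Create("alice", "correct horse battery staple", "Approver", "User"),
            ["bob"]   = PasswordHasher.Create("bob", "hunter2", "User")
        };

        // Scenario 1 (single process): verify the password locally, then establish the principal.
        UserRecord bob;
        if (!store.TryGetValue("bob", out bob) || !PasswordHasher.Verify(bob, "hunter2"))
            throw new SecurityException("Login failed");
        Authorization.Establish(bob.UserName, bob.Roles, "LocalPassword");

        Authorization.Demand("User");                 // passes
        try { Authorization.Demand("Approver"); }     // bob is not an Approver
        catch (SecurityException e) { Console.WriteLine(e.Message); }
    }
}
```

In the WCF deployments the server validates whatever credential crosses the wire and then calls the same Establish on the request thread, so the domain-layer Demand calls are identical in all three scenarios. Two caveats for a WPF client: confirm that a principal set on the UI thread at login is actually visible on the background threads that later call Demand, and when a user name is not found, run the PBKDF2 derivation against a dummy record anyway so that response time does not reveal which accounts exist.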


1 Answer

Take a look at this. I presume it's what you're looking for:

https://gist.github.com/stonetip/8745656

    // From the linked gist (System.IdentityModel.Tokens.Jwt 3.x API). `token` is the raw JWT
    // string taken from the request and EncodeSigningToken is defined elsewhere in the gist.
    using System.Configuration;                 // ConfigurationManager
    using System.IdentityModel.Tokens;          // JwtSecurityTokenHandler, TokenValidationParameters
    using System.ServiceModel.Security.Tokens;  // BinarySecretSecurityToken
    using System.Threading;                     // Thread
    using System.Web;                           // HttpContext

    var tokenHandler = new JwtSecurityTokenHandler();

    // Turn the configured client secret into the raw key bytes the handler expects.
    var convertedSecret = EncodeSigningToken(ConfigurationManager.AppSettings["ClientSecret"]);

    // Set the expected properties of the JWT token in the TokenValidationParameters:
    // who it must be for, who must have issued it, and the key that must have signed it.
    var validationParameters = new TokenValidationParameters()
    {
        AllowedAudience = ConfigurationManager.AppSettings["AllowedAudience"],
        ValidIssuer = ConfigurationManager.AppSettings["Issuer"],
        SigningToken = new BinarySecretSecurityToken(convertedSecret)
    };

    // Throws if the signature, issuer or audience do not check out; on success the returned
    // ClaimsPrincipal carries the token's claims and becomes the thread's principal.
    Thread.CurrentPrincipal = tokenHandler.ValidateToken(token, validationParameters);

    // Inside ASP.NET also set the request's user so [Authorize] and User.IsInRole see it.
    if (HttpContext.Current != null)
    {
        HttpContext.Current.User = Thread.CurrentPrincipal;
    }
akardon answered Oct 18 '22 02:10
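The gist targets the 3.x System.IdentityModel.Tokens.Jwt package; in the 4.0 and later packages AllowedAudience, SigningToken and BinarySecretSecurityToken were renamed or removed, ValidateToken gained an out SecurityToken parameter, and keys are Microsoft.IdentityModel.Tokens.SecurityKey objects. The following is an added example (ours, not the gist's or the answerer's code) that issues and validates an HS256 token with the current System.IdentityModel.Tokens.Jwt and Microsoft.IdentityModel.Tokens packages, feeds the result into Thread.CurrentPrincipal the same way the answer does, and shows that a token with an altered signature, or one signed under a different key, is rejected. The issuer and audience values, the TokenService name and the sample user are assumptions.

```csharp
// Added example, not the gist's code. Requires the System.IdentityModel.Tokens.Jwt and
// Microsoft.IdentityModel.Tokens NuGet packages (5.x or later API).
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Threading;
using Microsoft.IdentityModel.Tokens;

public static class TokenService
{
    // Assumed values; in a real deployment they come from protected configuration.
    public const string Issuer = "https://auth.example.test";
    public const string Audience = "wpf-client";

    // HS256 needs at least a 256-bit key. It lives on the server only; the WPF client
    // never holds it, it only carries the token it was given.
    public static SymmetricSecurityKey NewKey()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return new SymmetricSecurityKey(bytes);
    }

    public static string Issue(SymmetricSecurityKey key, string userName, IEnumerable<string> roles, TimeSpan lifetime)
    {
        var claims = new List<Claim> { new Claim(ClaimTypes.Name, userName) };
        foreach (var role in roles) claims.Add(new Claim(ClaimTypes.Role, role));
        var now = DateTime.UtcNow;
        var token = new JwtSecurityToken(
            issuer: Issuer, audience: Audience, claims: claims,
            notBefore: now, expires: now.Add(lifetime),
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    // Server side: validate issuer, audience, lifetime and signature, then publish the
    // resulting principal exactly as the gist does, so downstream code is unchanged.
    public static ClaimsPrincipal Validate(SymmetricSecurityKey key, string jwt)
    {
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = Issuer,
            ValidAudience = Audience,
            IssuerSigningKey = key,
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateIssuerSigningKey = true,
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromMinutes(1),   // default is 5 minutes; tighten it
            NameClaimType = ClaimTypes.Name,
            RoleClaimType = ClaimTypes.Role
        };
        SecurityToken validated;
        var principal = new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out validated);
        Thread.CurrentPrincipal = principal;
        return principal;
    }
}

public static class Program
{
    public static void Main()
    {
        var key = TokenService.NewKey();
        string jwt = TokenService.Issue(key, "alice", new[] { "Approver" }, TimeSpan.FromMinutes(15));

        var principal = TokenService.Validate(key, jwt);
        Console.WriteLine(principal.Identity.Name + " approver=" + principal.IsInRole("Approver"));

        // Flip the first character of the signature: the HMAC no longer matches and
        // validation must throw rather than return a principal.
        var parts = jwt.Split('.');
        char flipped = parts[2][0] == 'A' ? 'B' : 'A';
        string tampered = parts[0] + "." + parts[1] + "." + flipped + parts[2].Substring(1);
        try { TokenService.Validate(key, tampered); }
        catch (SecurityTokenException e) { Console.WriteLine("rejected: " + e.GetType().Name); }

        // A token signed under another key is rejected as well.
        try { TokenService.Validate(TokenService.NewKey(), jwt); }
        catch (SecurityTokenException e) { Console.WriteLine("rejected: " + e.GetType().Name); }
    }
}
```

For the WCF deployments the Validate call belongs on the service side, before any domain code runs for the request; the WPF client only has to store the token it received at login and send it with each call. Keep lifetimes short and keep ValidateLifetime on, since a long-lived or never-expiring bearer token is as good as the password to whoever copies it off the client machine.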