I'm in the process of migrating existing .NET core 1.1.4 code over to .NET core 2.0. It looks like we have to change it so that we add the authentication as a service in ConfigureService() instead of in the Configure() function.
We're currently using the following properties:
AutomaticAuthenticateAutomaticChallengeTokenValidationParameters.IssuerSigningKeyTokenValidationParameters.ValidAudenceTokenValidationParameters.ValidateIssuerSigningKeyTokenValidationParameters.ValidateLifetimeTokenValidationParameters.ValidIssuerIn the migration docs, the AddJwtBearer() has an options parameter with audience so thats what I used. However, I checked the interface of the options class and there doesn't seem to be any of the other values I need. However, There is a TokenValidationParameters property. Can I just instantiate the same token I have now and use that?
1.1.4 version:
app.UseAuthentication(new JwtBearerOptions
{
AutomaticAuthenticate = true,
AutomaticChallenge = true,
TokenValidationParameters = new TokenValidationParameters
{
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration.GetSection("AppConfiguration:Key").Value)),
ValidAudience = Configuration.GetSection("AppConfiguration:SiteUrl").Value,
ValidateIssuerSigningKey = true,
ValidateLifetime = true,
ValidIssuer = Configuration.GetSection("AppConfiguration:SiteUrl").Value
}
});
2.0.0 version:
services
.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
var siteUrl = Configuration.GetSection("AppConfiguration:SiteUrl").Value;
options.Audience = siteUrl;
options.Authority = siteUrl;
options.TokenValidationParameters = new TokenValidationParameters
{
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration.GetSection("AppConfiguration:Key").Value)),
ValidateIssuerSigningKey = true,
ValidateLifetime = true,
ValidIssuer = Configuration.GetSection("AppConfiguration:SiteUrl").Value,
};
});
Does AutomaticAuthenticate and AutomaticChallenge become:
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme);
You're right, the AutomaticAuthenticate and AutomaticChallenge properties are gone in ASP.NET Core 2.0.
They're replaced by this overload of the AddAuthentication method in which you can specify the default authentication scheme.
The ASP.NET Core 1.x to ASP.NET Core 2.0 migration docs cover this.
Doing so means that, on every request, the authentication handler associated with the scheme (in your case, the JWT bearer token handler) will be run to try to authenticate the request.
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments