.NET Core JWT - How to handle Validate Authentication in Micro Service
In Startup.cs (.NET Core), I use JWT to create and validate tokens.
Now I need to refresh the token and handle it with a token blacklist.
At login, I created an access token and a refresh token.
I've found another security solution here:
https://scotch.io/@sagarsubedi/3-level-jwt-secret-is-this-a-good-idea

1. Query the database for the user
2. Validate signature
   - get the app_secret
   - get user_secret from the user
   - using the token_id claim get the token_secret from the token_info of the user.
   - also validate the exp claim of the token with the one stored
   - use header, payload and the secrets to recompute the signature.
   - make sure that signature that came with the token and recomputed signature match.

Here is my current code for token authorization:
```csharp
services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(configureOptions =>
{
    configureOptions.ClaimsIssuer = jwtAppSettingOptions[nameof(JwtIssuerOptions.Issuer)];
    configureOptions.TokenValidationParameters = tokenValidationParameters;
    configureOptions.SaveToken = true;
    configureOptions.Events = new JwtBearerEvents
    {
        // Tell the client when authentication failed because the token expired
        OnAuthenticationFailed = context =>
        {
            if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
            {
                context.Response.Headers.Add("Token-Expired", "true");
            }
            return Task.CompletedTask;
        }
    };
});
```
I don't know how to handle validation following this solution in Startup > ConfigureServices.
I think I need to handle token validation, because I must check the blacklist in the DB before validating the token (or do it like the other solution).
Currently it only validates the token, but it cannot check the blacklist in the DB or do anything else.
Please help me.
.net security jwt
asked Mar 25 at 11:13
Cristen Rafalko
Hi, can everybody understand my question?
– Cristen Rafalko
Mar 26 at 2:03
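One way to run the blacklist check the question asks about, as an added example that is not the asker's code: hook `OnTokenValidated`, which fires after `TokenValidationParameters` has accepted the token, and reject the request if the token's id is listed. `ITokenBlacklist` and `BlacklistJwtEvents` are hypothetical names, and the example assumes access tokens are issued with a `jti` claim.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

// Hypothetical abstraction over the blacklist table; back it with the DB or a cache.
public interface ITokenBlacklist
{
    Task<bool> IsRevokedAsync(string tokenId);
}

public static class BlacklistJwtEvents
{
    // Assign the result to configureOptions.Events inside AddJwtBearer.
    public static JwtBearerEvents Create() => new JwtBearerEvents
    {
        // Runs only after signature, issuer, audience and lifetime checks passed,
        // so the database is never queried for forged or expired tokens.
        OnTokenValidated = async context =>
        {
            var blacklist = context.HttpContext.RequestServices
                .GetRequiredService<ITokenBlacklist>();

            // SecurityToken.Id exposes the token's "jti" claim.
            var tokenId = context.SecurityToken.Id;

            // Fail closed: a token without an id cannot be checked, so reject it.
            if (string.IsNullOrEmpty(tokenId) || await blacklist.IsRevokedAsync(tokenId))
            {
                context.Fail("Token has been revoked.");
            }
        },
        // Same expiry hint as the configuration in the question.
        OnAuthenticationFailed = context =>
        {
            if (context.Exception is SecurityTokenExpiredException)
            {
                context.Response.Headers["Token-Expired"] = "true";
            }
            return Task.CompletedTask;
        }
    };
}
```

Register an `ITokenBlacklist` implementation in `ConfigureServices` (for example with `services.AddScoped`) and set `configureOptions.Events = BlacklistJwtEvents.Create();`. Blacklist rows only need to be kept until the listed token's `exp` time has passed.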