I used Owin middle layer to manipulate the JWT token in my ASP.Net Web APi, It works as expected for inbuild flow.
I just wanna override the OAuthAuthorizationServerOptions functionality like Provider, AccessTokenFormat.
public class Startup
{
public void Configuration(IAppBuilder app)
{
HttpConfiguration config = new HttpConfiguration();
config.MapHttpAttributeRoutes();
ConfigureOAuth(app);
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
app.UseWebApi(config);
}
public void ConfigureOAuth(IAppBuilder app)
{
OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath=new PathString("/oauth/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(60),
Provider = new CustomOAuthProvider(),
AccessTokenFormat = new CustomJwtFormat("###################")
};
// OAuth 2.0 Bearer Access Token Generation
app.UseOAuthAuthorizationServer(OAuthServerOptions);
}
}
public class CustomOAuthProvider : OAuthAuthorizationServerProvider
{
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
// Some validation and value setup
context.Validated();
return Task.FromResult<object>(null);
}
public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
// Some validation and value setup
var ticket = new AuthenticationTicket(identity, props);
context.Validated(ticket);
return Task.FromResult<object>(null);
}
public class CustomJwtFormat : ISecureDataFormat<AuthenticationTicket>
{
private const string AudiencePropertyKey = "audience";
private readonly string _issuer = string.Empty;
public CustomJwtFormat(string issuer)
{
_issuer = issuer;
}
public string Protect(AuthenticationTicket data)
{
// JwtSecurityTokenHandler
return jwt;
}
public AuthenticationTicket Unprotect(string protectedText)
{
// Decode logic
return new AuthenticationTicket(identity.First(), new AuthenticationProperties());
}
}
Am able to generate the custom configurable JWT token in Protect method, but I unable to add custom logic while unprotect method call while receiving an authenticated request.
Am not sure When the UnProtect method called? here I have to add custom logic, It would be much appreciated for your comments.
Member
583 Points
258 Posts
Custom Jwt Token generator and Validation(ISecureDataFormat<AuthenticationTicket>).
Apr 02, 2019 12:19 PM|jayakumarvinayagam|LINK
Hi All,
I used Owin middle layer to manipulate the JWT token in my ASP.Net Web APi, It works as expected for inbuild flow.
I just wanna override the OAuthAuthorizationServerOptions functionality like Provider, AccessTokenFormat.
public class Startup { public void Configuration(IAppBuilder app) { HttpConfiguration config = new HttpConfiguration(); config.MapHttpAttributeRoutes(); ConfigureOAuth(app); app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll); app.UseWebApi(config); } public void ConfigureOAuth(IAppBuilder app) { OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions() { AllowInsecureHttp = true, TokenEndpointPath=new PathString("/oauth/token"), AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(60), Provider = new CustomOAuthProvider(), AccessTokenFormat = new CustomJwtFormat("###################") }; // OAuth 2.0 Bearer Access Token Generation app.UseOAuthAuthorizationServer(OAuthServerOptions); } }public class CustomJwtFormat : ISecureDataFormat<AuthenticationTicket> { private const string AudiencePropertyKey = "audience"; private readonly string _issuer = string.Empty; public CustomJwtFormat(string issuer) { _issuer = issuer; } public string Protect(AuthenticationTicket data) { // JwtSecurityTokenHandler return jwt; } public AuthenticationTicket Unprotect(string protectedText) { // Decode logic return new AuthenticationTicket(identity.First(), new AuthenticationProperties()); } }Am able to generate the custom configurable JWT token in Protect method, but I unable to add custom logic while unprotect method call while receiving an authenticated request.
Am not sure When the UnProtect method called? here I have to add custom logic, It would be much appreciated for your comments.
Thanks,
Contributor
2590 Points
1058 Posts
Re: Custom Jwt Token generator and Validation(ISecureDataFormat<AuthenticationTicket>).
Apr 03, 2019 06:45 AM|Yuki Tao|LINK
Hi jayakumarvinayagam,
The Protect method is called when the user actually tries to sign in to the authentication server endpoint.
The UnProtect method is called when the user tries to access a protected api url via the "[token]" authentication model.
More details,You could refer to this link:
https://stackoverflow.com/a/54844743
Best Regards.
Yuki Tao
Member
583 Points
258 Posts
Re: Custom Jwt Token generator and Validation(ISecureDataFormat<AuthenticationTicket>).
Apr 04, 2019 08:28 AM|jayakumarvinayagam|LINK
I missed OAuthBearerAuthenticationOption in StartUp, here the code.