Last post May 05, 2020 03:01 PM by bruce (sqlwork.com)
May 04, 2020 09:32 AM|pacojones|LINK
I'm working on ASP.Net Core 3.1 for API development, and I was adding logic to validate Bearer tokens, I'm quite new on this and found out logic like this:
public static void AddAuthentication(this IServiceCollection services, IConfiguration config)
options.Authority = "https://loremipsum.com";
options.RequireHttpsMetadata = true;
options.Audience = "LoremIpSum";
options.SaveToken = true;
options.TokenValidationParameters = new TokenValidationParameters
ValidateActor = true,
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
RequireExpirationTime = true,
ValidIssuer = "https://loremipsum.com",
NameClaimType = "name"
.AddCookie(options => options.SlidingExpiration = true);
I was wondering, this allows me to specify some options, but how can I tell to validate tokens offline or online?
Or by default this provides logic only for online validation?
This might be a rookie question and it may be quite simple but I'm not following :(
May 05, 2020 08:19 AM|Sherry Chen|LINK
I'm not familar with JwtBear Token , for Offline Token Validation , the follwoing microsoft official blog may be helpful:
May 05, 2020 03:01 PM|bruce (sqlwork.com)|LINK
The typical case is that the asp.net core site is creating the bearer token, so it can validate (knows the signing key). If the bearer token is from another source, then you will need to write custom validation logic.