Token Authentication in ASP.NET Core 2.0 - A Complete Guide

Everything you ever wanted to know about token authentication in ASP.NET Core 2.0 and beyond.

Jay French

I’ve been using Jwt token authentication in .NET Core 2.0 on my project with no issues for several months now (well, many issues setting it up - this article probably would have made that process easier). I just upgraded to .NET Core 2.1 and the only wrinkle I have left to iron out is that my claims aren’t being populated at all. A bearer token that works in my dev environment isn’t working locally (and this process did work in .NET Core 2.0). Any ideas? I don’t see anything auth-related in the change log for .NET Core 2.1.

Masayuki Ota

Very useful document. Thank you so much!

Hakeem Babatunde Oriola

I am having the same issue when I upgraded to 2.1. Do you have any solution? Please share. Thanks.

Jay French

A co-worker got it working, so I don’t know exactly what he did, but I do believe at least part of the solution was setting the Authority or the Audience (we’re setting both now, so I’m not sure which one was blank before).

PB

I have the same configuration as you, but my service does not even make a call to the authority server to obtain metadata.

In the console I see only this information: Authorization failed, but no information about retrieving the metadata document. Why is that?

ModDev

Great article! Finally, I found what I needed :)

Nate Barbettini

Try increasing the log level to see the trace logs. Maybe something is failing before it gets the metadata?

PB

I found the “problem”. I checked the library source, and I saw that if the request doesn’t have any Authorization header value or the value is empty, the service doesn’t make a call to the authority service.

If I add an Authorization header value, e.g. Bearer xyz, the service performs the call to the authority server in order to obtain the authorization metadata.

So your code is good and that was only my oversight, but I thought that the service would make a call to the authority server even if the authorization header value is missing or empty :)

Nate Barbettini

Ah, that makes sense. The middleware doesn’t “activate” until the first time it sees a request it needs to handle.

Srinivasan ck

Can someone help me with creating the authentication and authorization of a Dot net core 2 web api with AWS Cognito User pools?

Lee Brandt

Probably the best place to ask this question would be the developer forums: https://devforum.okta.com/

I’m not super familiar with AWS Cognito, but there are a lot more eyes in the dev forums.

Jordan Pomeroy

Great post. Can you explain the options.Authority and options.Audience in more detail? I don’t understand the range of valid values. Thanks.

John Hammond

Here is a package which smoothly integrates Jwt Bearer Token Security in your Asp Net Core app in minutes.

It is called AspNetCore.Security.Jwt.

Also, provides Swagger UI integration too.

GitHub:

https://github.com/VeritasS…

John Hammond

Here is a package which

– makes integrating JWT Bearer Token Security in your Asp Net Core 2.0+ app a breeze!
– Facebook auth integration.
– Also, Swagger UI integration!

It is called AspNetCore.Security.Jwt.

GitHub:

https://github.com/VeritasS…

Henrik Magnusson

I tried your example with minor modifications on a token generated by AWS Cognito. It works great on Windows (dotnet core 2.1) but it fails on Linux (dotnet core 2.1)

Exception:
Microsoft.IdentityModel.Tokens.SecurityTokenInvalidSignatureException: IDX10511: Signature validation failed. Keys tried: 'Microsoft.IdentityModel.Tokens.RsaSecurityKey …
Exceptions caught:
'System.PlatformNotSupportedException: ‘CspKeyContainerInfo’ requires Windows Cryptographic API (CAPI), which is not available on this platform.

Cnu K

Excellent article. Can we use JWT token authentication for securing ASP.net core MVC web applications? If so, could you share a sample project if you have any? Thank you.

Lee Brandt

This post is about ASP.NET Core MVC. Below is a link to the Okta ASPNET Core MVC sample:

https://github.com/oktadeve…

Hope that helps.

wargravy

I’m getting the following error with the #validate-tokens-in-aspnet-core example:

Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[7]
Bearer was not authenticated. Failure message: No SecurityTokenValidator available for token: [object Object]

wargravy

I figured it out. The Angular have was not sending the correct Bearer. I used https://www.jsonwebtoken.io/ to confirm that after getting the access token with the tokenmanager, I had to send its member “accessToken.”
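
The problems reported in this thread (a missing Authorization header, an object sent in place of its accessToken string, and the Authority and Audience settings) can be triaged by decoding the header value before reading server logs. The following is an added example, not part of the thread or the original article; `diagnoseBearer`, `sampleToken` and the issuer and audience values are constructed for illustration, and it decodes the token without verifying its signature.

```javascript
// Added example: triage a bearer token by decoding it. No signature check is done,
// so a clean result here does not mean the API will accept the token.
const decode = (seg) => JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));
const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");

// Constructed values; substitute the Authority and Audience your API is configured with.
const EXPECTED = { issuer: "https://issuer.example/oauth2/default", audience: "api://constructed" };

// Builds an unsigned sample token (constructed; "c2ln" is a dummy signature segment).
const sampleToken = (claims) => `${encode({ alg: "RS256", typ: "JWT" })}.${encode(claims)}.c2ln`;

function diagnoseBearer(headerValue, expected = EXPECTED, now = Math.floor(Date.now() / 1000)) {
  if (typeof headerValue !== "string" || headerValue.trim() === "") return ["missing-header"];
  const match = /^Bearer\s+(.+)$/i.exec(headerValue.trim());
  if (!match) return ["not-bearer-scheme"];
  // A compact JWT is three base64url segments; "[object Object]" fails here.
  if (!/^[\w-]+\.[\w-]+\.[\w-]*$/.test(match[1])) return ["not-a-jwt"];

  let header, claims;
  try {
    const [h, p] = match[1].split(".");
    header = decode(h);
    claims = decode(p);
    if (typeof header !== "object" || typeof claims !== "object" || !header || !claims) throw new Error();
  } catch {
    return ["undecodable-segments"];
  }

  const problems = [];
  if (!header.alg || header.alg === "none") problems.push("unsigned");
  if (claims.iss !== expected.issuer) problems.push("issuer-mismatch");
  // "aud" may be a single string or an array of strings.
  if (![].concat(claims.aud ?? []).includes(expected.audience)) problems.push("audience-mismatch");
  if (typeof claims.exp !== "number" || claims.exp <= now) problems.push("expired-or-no-exp");
  return problems;
}

// Constructed inputs: the mistake from the thread, then a token for a different audience.
const tokenManagerResult = { accessToken: sampleToken({ iss: EXPECTED.issuer, aud: "other-api", exp: 4102444800 }) };
console.log(diagnoseBearer(`Bearer ${tokenManagerResult}`));             // object sent by mistake
console.log(diagnoseBearer(`Bearer ${tokenManagerResult.accessToken}`)); // the string member
```

An empty result only means the token is well formed and its `iss`, `aud` and `exp` claims match the expected values; signature and key validation still happen on the server.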