C#•16mo ago

❔ JWT Authentication: Name goes to claims not identity.Name

Following Patrick God tutorial for JWT Authentication and Authorization here: Here's the class in question with dummy token:

public class CustomAuthStateProvider : AuthenticationStateProvider
    {
        public override async Task<AuthenticationState> GetAuthenticationStateAsync()
        {
            string token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJTdWIiOiIxMjM0NTY3ODkwIiwiTmFtZSI6IkpvaG4gRG9lIiwiSWF0IjoxNTE2MjM5MDIyfQ.uzQBTdl2-2Ox4am86ZeHGBejT3bRe1A3B_VkY1HBVt4";
            var identity = new ClaimsIdentity(ParseClaimsFromJwt(token), "jwt");
            var user = new ClaimsPrincipal(identity);
            var state = new AuthenticationState(user);
            NotifyAuthenticationStateChanged(Task.FromResult(state));
            return state;
        }
        public static IEnumerable<Claim> ParseClaimsFromJwt(string jwt)
        {
            var payload = jwt.Split('.')[1];
            var jsonBytes = ParseBase64WithoutPadding(payload);
            var keyValuePairs = JsonSerializer.Deserialize<Dictionary<string, object>>(jsonBytes);
            return keyValuePairs.Select(kvp => new Claim(kvp.Key, kvp.Value.ToString()));
        }
        private static byte[] ParseBase64WithoutPadding(string base64)
        {
            switch (base64.Length % 4)
            {
                case 2: base64 += "=="; break;
                case 3: base64 += "="; break;
            }
            return Convert.FromBase64String(base64);
        }
    }

public class CustomAuthStateProvider : AuthenticationStateProvider
    {
        public override async Task<AuthenticationState> GetAuthenticationStateAsync()
        {
            string token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJTdWIiOiIxMjM0NTY3ODkwIiwiTmFtZSI6IkpvaG4gRG9lIiwiSWF0IjoxNTE2MjM5MDIyfQ.uzQBTdl2-2Ox4am86ZeHGBejT3bRe1A3B_VkY1HBVt4";
            var identity = new ClaimsIdentity(ParseClaimsFromJwt(token), "jwt");
            var user = new ClaimsPrincipal(identity);
            var state = new AuthenticationState(user);
            NotifyAuthenticationStateChanged(Task.FromResult(state));
            return state;
        }
        public static IEnumerable<Claim> ParseClaimsFromJwt(string jwt)
        {
            var payload = jwt.Split('.')[1];
            var jsonBytes = ParseBase64WithoutPadding(payload);
            var keyValuePairs = JsonSerializer.Deserialize<Dictionary<string, object>>(jsonBytes);
            return keyValuePairs.Select(kvp => new Claim(kvp.Key, kvp.Value.ToString()));
        }
        private static byte[] ParseBase64WithoutPadding(string base64)
        {
            switch (base64.Length % 4)
            {
                case 2: base64 += "=="; break;
                case 3: base64 += "="; break;
            }
            return Convert.FromBase64String(base64);
        }
    }

Here's the razor HTML from the shared image:

<Authorized>
        <span>You're Authorized as @context.User.Identity.Name</span>
        <br/>
        <span>Claims associated with the user:</span>
        <ul>
            @foreach (var claim in context.User.Claims)
            {
                <li>@claim.Type: @claim.Value</li>
            }
        </ul>
    </Authorized>

<Authorized>
        <span>You're Authorized as @context.User.Identity.Name</span>
        <br/>
        <span>Claims associated with the user:</span>
        <ul>
            @foreach (var claim in context.User.Claims)
            {
                <li>@claim.Type: @claim.Value</li>
            }
        </ul>
    </Authorized>

33 Replies

BigggMoustacheOP•16mo ago

Everything is exactly the same as the video aside me checking claims in html, but his claim overwrites the @context.User.Identity.Name Thanks for any help given!

JakenVeina•16mo ago

uhhh...whose claim? can we clarify the issue here? context.User.Identity is being overwritten? By what?

BigggMoustacheOP•16mo ago

the context.User.Identity is overwritten by var state = new AuthenticationState(user);. Here user holds a claim type Name so I'm wondering why it's not overwriting the User.Identity.Name as shown in the linked tutorial and instead making a new claim under context.User.Claims.

JakenVeina•16mo ago

wait, this is all client-side auth?

BigggMoustacheOP•16mo ago

yeah

JakenVeina•16mo ago

mm-kay I have basically no experience with the client-side auth framework

BigggMoustacheOP•16mo ago

Oh well neither do I 🤣 I'm not really concerned with any particulars at this moment other than why the JWT isn't overriding the default claims or whatever you call them and instead adding claims

JakenVeina•16mo ago

me, I'd probably start looking at the source, if there's really no official docs for it

BigggMoustacheOP•16mo ago

idk what you mean

JakenVeina•16mo ago

source code, I mean

BigggMoustacheOP•16mo ago

oh the example code?

JakenVeina•16mo ago

no the source code

BigggMoustacheOP•16mo ago

like the code I'm writing? I'm writing this. lol.

JakenVeina•16mo ago

no the source code for the thing you're trying to figure out

BigggMoustacheOP•16mo ago

the identity docs? oh okay lmao

JakenVeina•16mo ago

if there are docs, sure

BigggMoustacheOP•16mo ago

sorry I'm dense. Yeah there are.

JakenVeina•16mo ago

otherwise, the source

BigggMoustacheOP•16mo ago

gotcha sorry for being dense

JakenVeina•16mo ago

no big what library is this?

BigggMoustacheOP•16mo ago

ClaimsPrincipal(IEnumerable<ClaimsIdentity>) Initializes a new instance of the ClaimsPrincipal class using the specified claims identities.

this is aspnet identity

JakenVeina•16mo ago

specifically

BigggMoustacheOP•16mo ago

oh one sec

JakenVeina•16mo ago

like I said, I'm not familiar with the client-side libs

BigggMoustacheOP•16mo ago

for the identity claims creation it's System.Security.Claims and Microsoft.AspNetCore.Components.Authorization too

JakenVeina•16mo ago

allllright so, what is context here? also, have you read this?

JakenVeina•16mo ago

https://learn.microsoft.com/en-us/aspnet/core/blazor/security/?view=aspnetcore-7.0#authentication

ASP.NET Core Blazor authentication and authorization

Learn about Blazor authentication and authorization scenarios.

JakenVeina•16mo ago

also this

JakenVeina•16mo ago

https://learn.microsoft.com/en-us/aspnet/core/blazor/security/server/?view=aspnetcore-7.0&tabs=visual-studio#implement-a-custom-authenticationstateprovider

Secure ASP.NET Core Blazor Server apps

Learn how to secure Blazor Server apps as ASP.NET Core applications.

Accord•16mo ago

Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.

BigggMoustacheOP•15mo ago

I'm actually not entirely sure. I'm guessing httpcontext which has information from authorization middleware. I have not read those in total but have referenced them when trying to figure this out. They don't show this particular process in detail, that us unpacking a JWT and applying to a claimsidentity.

JakenVeina•15mo ago

I'm guessing httpcontext

well, don't guess, look and see the second link seems to explicitly demonstrate iplementing a custom state provider, where the claims come from is irrelevant although, at a glance, I don't see anything different than what you've shown me

Accord•15mo ago

Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.

Gaming

Programming

❔ JWT Authentication: Name goes to claims not identity.Name