C
C#4mo ago
Natro

Migrating to Microsoft.IdentityModel.JsonWebTokens .net6 => .net8

Hi, I am migrating a project which uses Duende as identity server + Ocelot gateway from .NET 6 to .NET 8. In Ocelot AuthorizationMiddleware project uses JWT subclaims and tries to access them like this: 
var subClaimValue = user.Claims.FirstOrDefault(x => x.Type == CommonConstants.ClaimSub)?.Value; // "sub"
roleType = user.Claims.FirstOrDefault(x => x.Type == CommonConstants.ClaimRoleType)?.Value; // "roleType"
var subClaimValue = user.Claims.FirstOrDefault(x => x.Type == CommonConstants.ClaimSub)?.Value; // "sub"
roleType = user.Claims.FirstOrDefault(x => x.Type == CommonConstants.ClaimRoleType)?.Value; // "roleType"
I noticed that after migrating I was receiving error when authenticating users regarding Signature {"IDX10500: Signature validation failed. No security keys were provided to validate the signature."}. Stack overflow hinted me to removing System.IdentityModel.Tokens.Jwt package and moving to Microsoft.IdentityModel.JsonWebTokens as there has been breaking change in aspnet core. https://github.com/dotnet/aspnetcore/issues/52075#issuecomment-1815025177 ...
GitHub
.NET 8 behaves differently for JwtBearerOptions in AddJwtBearer · ...
Is there an existing issue for this? I have searched the existing issues Describe the bug Upgrading an api project with authorization around JWT Bearer tokens from .NET 7 to .NET 8 has some behavio...
1 Reply
Natro
Natro4mo ago
So this is how my auth schema looks like: 
services
    .AddAuthentication("api_key")
    .AddJwtBearer("api_key", options =>
    {
        options.Authority = Configuration["SecurityServerBaseAddress"];
        options.RequireHttpsMetadata = false;
        options.TokenValidationParameters.ValidateAudience = false;
        options.TokenValidationParameters.ValidateIssuerSigningKey = false;
        options.TokenValidationParameters.SignatureValidator = delegate (string token, TokenValidationParameters parameters)
        {
            var jwt = new Microsoft.IdentityModel.JsonWebTokens.JsonWebToken(token);
            return jwt;
        };
    });
services
    .AddAuthentication("api_key")
    .AddJwtBearer("api_key", options =>
    {
        options.Authority = Configuration["SecurityServerBaseAddress"];
        options.RequireHttpsMetadata = false;
        options.TokenValidationParameters.ValidateAudience = false;
        options.TokenValidationParameters.ValidateIssuerSigningKey = false;
        options.TokenValidationParameters.SignatureValidator = delegate (string token, TokenValidationParameters parameters)
        {
            var jwt = new Microsoft.IdentityModel.JsonWebTokens.JsonWebToken(token);
            return jwt;
        };
    });
Now back to the claims issue - right below my auth schema I see following lines: 
// Without map cleanup sub claim type is not available for authorization ocelot middleware
System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
// Without map cleanup sub claim type is not available for authorization ocelot middleware
System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
This function is needed to be called in order to access subclaims and authorizing users properly. I would like to avoid making change to whole authorization middleware as I don't have capacity for that currently. Is there diferent way to achieve the same? Or is there a way to keep using System.IdentityModel.Tokens.Jwt? Or is it necessary to migrate?
Want results from more Discord servers?
Add your server
More Posts
Process working set is twice as commited managed memoryHi! I have an ASP.NET Core 8 app running on Linux in Docker. It's memory usage is limited by 512M. Resource based authorization with IdentityHello, I have the following setup in my asp.net core project: A `Workspace` model that has a bunch o✅ is .net 8.0 is not compatibleHey hi guys I'm new to this group and .net I just started learning .net I don't have any experience Help with why code is returning this way.Hello, I'm a CS student learning C# for the first time and i'm having some confusion on why my code