
ASP.NET

 
General: Re: ASP .NET sql database network connection string
Member 14620553, 31-Jul-20 10:05
General: Re: ASP .NET sql database network connection string
F-ES Sitecore, 1-Aug-20 1:20
General: Re: ASP .NET sql database network connection string
Steve Naidamast, 16-Aug-20 7:44
Question: Individual Accounts in webapi project vs2017
ganesh.dks, 28-Jul-20 21:44
Question: Using Authorize(Roles) in my API controller
jkirkerx, 20-Jul-20 6:36
Answer: Re: Using Authorize(Roles) in my API controller
jkirkerx, 21-Jul-20 6:01
Answer: Well after another failed day to figure it out ...
jkirkerx, 21-Jul-20 12:53
Answer: Think I figured it out
jkirkerx, 22-Jul-20 12:51
After looking at hundreds of examples and tutorials on the subject, most tutorials were repeats of the age 21
I rewrote the way my app auths using JWT. Wasn't really a complete rewrite but rewritten anyways.

Finally got it to Authorize on a plain Authorize attribute. I got the error that the token needs 3 or 5 parts, and that opened my eyes up to what the ValidIssuer and ValidAudience are: an account at Auth0 in which you use a third party authority to generate extra secure parts of the JWT token. I suspect that the people that wrote the tutorials earlier never really explained what this does, and that my upgrade to .Net Core 3.1 simply exposed my security flaws.

The other confusion was that 3/4 of the tutorials were for authenticating razor pages and not api calls.

So I went from status 401 to 403, to 3 or 5 parts needed.
I'll turn off ValidateIssuer, ValidateAudience, ValidateIssuerSigningKey and ValidateLifetime and work on Roles and Policies.

So I'm back to not authenticating after login again, but I think I know why now. Might have something to do with cookie authentication. I must have some View and Razor stuff mixed in wrong. Or it's not aware of falling back to Bearer after login.
Something like that.

I'll sign up for a personal Auth0 account and program the authority later this week.
The Authorize attribute works, just didn't have a way to see the errors.

I have new authentication schemes now, injected into services
services.AddAuthorization(auth =>
{
  auth.AddPolicy(AuthPolicies.Admin, AuthPolicies.AdminPolicy());
  auth.AddPolicy(AuthPolicies.Account, AuthPolicies.AccountPolicy());                            
});
And a new AddAuthentication
// Add all authentication schemes at once
services.AddAuthentication(option =>
{
    option.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    option.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddIdentityServerJwt()
.AddCookie(option => option.SlidingExpiration = true)
.AddGoogle(CertificateAuthenticationDefaults.AuthenticationScheme, option =>
{
    var googleAuthNSection = Config.GetSection("Authentication:Google");
    option.ClientId = googleAuthNSection["ClientId"];
    option.ClientSecret = googleAuthNSection["ClientSecret"];
})
.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
{
    var settings = Config.GetSection("Settings");
    var secretKey = settings.GetValue<string>("Auth0:Secret");
    var authority = settings.GetValue<string>("Auth0:Authority");
    var audience = settings.GetValue<string>("Auth0:Audience");
    var issuer = settings.GetValue<string>("Auth0:Issuer");
    var expiresDays = settings.GetValue<int>("Auth0:ExpireDays");
    var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secretKey));

    options.Audience = audience;
    options.Authority = authority;
    options.SaveToken = false;
    options.RequireHttpsMetadata = false;
    options.Configuration = new OpenIdConnectConfiguration();
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ClockSkew = TimeSpan.FromMinutes(0),
        // Validation checks switched off while working on roles and policies
        ValidateIssuerSigningKey = false,
        ValidateIssuer = false,
        ValidateAudience = false,
        ValidateLifetime = false,
        ValidIssuer = issuer,
        ValidAudience = audience,
        IssuerSigningKey = signingKey
    };

    options.Events = new JwtBearerEvents
    {
        OnAuthenticationFailed = context =>
        {
            // Tell the client when the failure was an expired token
            if (context.Exception.GetType() == typeof(SecurityTokenExpiredException))
            {
                context.Response.Headers.Add("Token-Expired", "true");
            }
            return Task.CompletedTask;
        }
    };
});

// Registered outside the JwtBearer options callback: that callback only runs
// after the service container has been built, too late to add services
services.AddCors();

New Auth Policies with authentication schemes added, and more roles.
I'll test this later tonight to see if it works now.
public class AuthPolicies
{
    public const string Admin = "Admin";
    public const string Account = "Account";

    public static AuthorizationPolicy AdminPolicy()
    {
        return new AuthorizationPolicyBuilder()
            .AddAuthenticationSchemes("Cookies", "Bearer")
            .RequireAuthenticatedUser()
            .RequireRole(Admin)
            // RequireClaim(claimType, allowedValues...): requires a "jti" claim
            // whose value is one of the strings that follow
            .RequireClaim("jti", "sub", "unique_name", "role", "idpId")
            .Build();
    }

    public static AuthorizationPolicy AccountPolicy()
    {
        return new AuthorizationPolicyBuilder()
            .AddAuthenticationSchemes("Cookies", "Bearer")
            .RequireAuthenticatedUser()
            .RequireRole(Account)
            // Same RequireClaim(claimType, allowedValues...) form as AdminPolicy
            .RequireClaim("jti", "sub", "unique_name", "role", "idpId")
            .Build();
    }

}
If it ain't broke don't fix it
Discover my world at jkirkerx.com
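
Added example, not part of the original post and not jkirkerx's code: the AddJwtBearer block above sets ValidateIssuer, ValidateAudience, ValidateIssuerSigningKey and ValidateLifetime to false, and this console program runs the same set of tokens through TokenValidationParameters with those four flags off and then on. The issuer and audience URLs, the keys and the helper names are constructed for the illustration; it assumes the System.IdentityModel.Tokens.Jwt NuGet package.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

static class JwtFlagDemo
{
    // Constructed sample values (assumptions, not from the post)
    const string Issuer = "https://issuer.example/", Audience = "https://api.example/";
    static SymmetricSecurityKey MakeKey(string s) => new SymmetricSecurityKey(Encoding.UTF8.GetBytes(s));
    static readonly SecurityKey Key = MakeKey("constructed-demo-key-at-least-32-bytes!!");

    // Issue an HS256 token with the given audience, expiry and signing key
    static string Issue(string aud, DateTime expires, SecurityKey key) =>
        new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
            issuer: Issuer, audience: aud,
            claims: new[] { new Claim("sub", "user-1"), new Claim("role", "Admin") },
            notBefore: expires.AddMinutes(-10), expires: expires,
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256)));

    // The four flags from the post, all off or all on
    static TokenValidationParameters Params(bool validate) => new TokenValidationParameters
    {
        ValidateIssuerSigningKey = validate, ValidateIssuer = validate,
        ValidateAudience = validate, ValidateLifetime = validate,
        ValidIssuer = Issuer, ValidAudience = Audience,
        IssuerSigningKey = Key, ClockSkew = TimeSpan.Zero
    };

    // Returns "accepted" or the type of exception the handler threw
    static string Check(string token, TokenValidationParameters p)
    {
        try { new JwtSecurityTokenHandler().ValidateToken(token, p, out _); return "accepted"; }
        catch (Exception e) { return "rejected: " + e.GetType().Name; }
    }

    static void Main()
    {
        var now = DateTime.UtcNow;
        var cases = new (string Name, string Token)[] {
            ("valid", Issue(Audience, now.AddMinutes(5), Key)),
            ("wrong audience", Issue("https://other.example/", now.AddMinutes(5), Key)),
            ("expired", Issue(Audience, now.AddMinutes(-5), Key)),
            ("wrong key", Issue(Audience, now.AddMinutes(5), MakeKey("another-constructed-key-of-32-bytes-or-more"))),
            ("not a JWT", "not-a-jwt"),
        };
        foreach (var (name, token) in cases)
            Console.WriteLine($"{name,-15} off: {Check(token, Params(false)),-45} on: {Check(token, Params(true))}");
    }
}
```

With the flags off, the wrong-audience and expired tokens are accepted; the wrong-key token is still rejected because ValidateIssuerSigningKey governs validation of the key object, not the signature check. The "not a JWT" string is the kind of input that does not have the three (JWS) or five (JWE) dot-separated parts the handler expects.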

Answer: Head scratcher here
jkirkerx, 23-Jul-20 10:33
Answer: Did the rewrite on both the server and client side, works great now
jkirkerx, 27-Jul-20 7:48
Question: Upgrading from .Net Core 2.2 to 3.1, SSL and Docker .net core images
jkirkerx, 17-Jul-20 7:20
Answer: Re: Upgrading from .Net Core 2.2 to 3.1, SSL and Docker .net core images
jkirkerx, 17-Jul-20 11:31
General: Re: Upgrading from .Net Core 2.2 to 3.1, SSL and Docker .net core images
jkirkerx, 17-Jul-20 11:46
General: Re: Upgrading from .Net Core 2.2 to 3.1, SSL and Docker .net core images
jkirkerx, 17-Jul-20 12:36
Question: Generating unique user ID
Otekpo Emmanuel, 7-Jul-20 7:29
Answer: Re: Generating unique user ID
Richard Deeming, 7-Jul-20 7:47
General: Re: Generating unique user ID
Otekpo Emmanuel, 8-Jul-20 3:06
General: Re: Generating unique user ID
Richard Deeming, 8-Jul-20 3:42
General: Re: Generating unique user ID
Mycroft Holmes, 8-Jul-20 12:46
Answer: Re: Generating unique user ID
David Mujica, 10-Jul-20 2:47
General: Re: Generating unique user ID
jkirkerx, 13-Jul-20 11:25
General: Re: Generating unique user ID
DerekT-P, 17-Jul-20 10:44
Question: pls help
Member 14879791, 2-Jul-20 21:44
Suggestion: Re: pls help
Richard MacCutchan, 2-Jul-20 21:48
General: Re: pls help
ZurdoDev, 6-Jul-20 8:10
