I have been working on implementing JWT bearer-based authentication. I am trying to fetch the public keys from the auth server's JWKS URL and load them into a JsonWebKeySet. Here is my ConfigureServices method:
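/// <summary>
/// Registers CORS, MVC with a global authenticated-user requirement, the strongly typed
/// <c>AppSettings</c> section, JWT bearer authentication and the application services.
/// The token signing keys are downloaded once, at startup, from the configured JWKS URL.
/// </summary>
/// <param name="services">The service collection to populate.</param>
/// <exception cref="System.InvalidOperationException">
/// Thrown when the JWKS URL is not configured, or when the JWKS endpoint returns no usable keys.
/// </exception>
public void ConfigureServices(IServiceCollection services)
{
    // NOTE(review): this policy accepts any origin, method and header. Restrict it to the
    // known front-end origin(s) before exposing the API beyond development.
    services.AddCors(o => { o.AddPolicy("AllowAnyOrigin", b => b.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader()); });
    services.Configure<MvcOptions>(o => { o.Filters.Add(new CorsAuthorizationFilterFactory("AllowAnyOrigin")); });

    // Global filter: every MVC action requires an authenticated user.
    var p = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
    services.AddMvc(o =>
    {
        o.Filters.Add(new AuthorizeFilter(p));
    }).SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

    // configure strongly typed settings objects
    var appSettingsSection = Configuration.GetSection("AppSettings");
    services.Configure<AppSettings>(appSettingsSection);

    // configure jwt authentication
    var appSettings = appSettingsSection.Get<AppSettings>();
    if (appSettings == null || appSettings.jwksURL == null)
    {
        // Fail with a clear message instead of a NullReferenceException during startup.
        throw new System.InvalidOperationException("AppSettings:jwksURL is not configured; cannot load the JWT signing keys.");
    }

    // Call Auth service URL to get public keys. ConfigureServices is synchronous, so the
    // async helper is blocked on here.
    // NOTE(review): the trust in every token rests on this download. Confirm jwksURL is an
    // https URL; over plain http the key set can be replaced in transit. Also confirm each
    // environment (local vs. container) resolves the same jwksURL, because a different key
    // set yields signature failures for otherwise valid tokens.
    var jwksJson = Helpers.GetKeyAsync(appSettings.jwksURL).GetAwaiter().GetResult();
    if (string.IsNullOrWhiteSpace(jwksJson))
    {
        throw new System.InvalidOperationException("The JWKS endpoint returned an empty response; cannot load the JWT signing keys.");
    }

    // load keys from JWKS
    var jwks = new JsonWebKeySet(jwksJson);
    var issuerSigningKeys = jwks.Keys.ToList();
    if (issuerSigningKeys.Count == 0)
    {
        // With no keys every token would be rejected at request time with a signature error;
        // surfacing it here makes the misconfiguration visible at startup.
        throw new System.InvalidOperationException("The JWKS document contains no keys; cannot validate JWT signatures.");
    }

    // NOTE(review): the keys are captured once. After the auth server rotates its signing
    // keys, validation fails until the process restarts. Setting Authority/MetadataAddress
    // on the handler instead lets it discover and refresh keys itself.
    services.AddAuthentication(x =>
    {
        x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(x =>
    {
        // Only governs the handler's own metadata retrieval; it does not protect the
        // manual JWKS download above.
        x.RequireHttpsMetadata = false;
        x.SaveToken = true;
        x.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKeys = issuerSigningKeys,
            // NOTE(review): with issuer and audience validation off, any token signed by a
            // key in this set is accepted, including one issued for a different API or
            // tenant of the same auth server. Set ValidIssuer and ValidAudience from
            // configuration and turn both checks on before production use.
            ValidateIssuer = false,
            ValidateAudience = false
        };
    });

    // configure DI for application services
    services.AddScoped<IUserService, UserService>();
}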
And here is my Configure method
/// <summary>
/// Builds the request pipeline: CORS first, then authentication, then MVC.
/// </summary>
/// <param name="app">The application builder the middleware is added to.</param>
/// <param name="env">The hosting environment; not used by this method.</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    // Order matters: authentication must run before MVC so that the global
    // AuthorizeFilter sees the user established from the bearer token.
    app.UseCors("AllowAnyOrigin")
       .UseAuthentication()
       .UseMvc();
}
This code works perfectly when I run the API on my local machine (IIS Express) with my Angular front end and Postman. However, when I deploy it to an OpenShift-based Linux container, I always receive a 401 error saying "The Signature is invalid". I am using the same token for authentication both locally and in the OpenShift container. I am wondering whether the Linux-based container is causing the problem.
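/// <summary>
/// Registers CORS, MVC with a global authenticated-user requirement, the strongly typed
/// <c>AppSettings</c> section, JWT bearer authentication and the application services.
/// The token signing keys are downloaded once, at startup, from the configured JWKS URL.
/// </summary>
/// <param name="services">The service collection to populate.</param>
/// <exception cref="System.InvalidOperationException">
/// Thrown when the JWKS URL is not configured, or when the JWKS endpoint returns no usable keys.
/// </exception>
public void ConfigureServices(IServiceCollection services)
{
    // NOTE(review): this policy accepts any origin, method and header. Restrict it to the
    // known front-end origin(s) before exposing the API beyond development.
    services.AddCors(o => { o.AddPolicy("AllowAnyOrigin", b => b.AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader()); });
    services.Configure<MvcOptions>(o => { o.Filters.Add(new CorsAuthorizationFilterFactory("AllowAnyOrigin")); });

    // Global filter: every MVC action requires an authenticated user.
    var p = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
    services.AddMvc(o =>
    {
        o.Filters.Add(new AuthorizeFilter(p));
    }).SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

    // configure strongly typed settings objects
    var appSettingsSection = Configuration.GetSection("AppSettings");
    services.Configure<AppSettings>(appSettingsSection);

    // configure jwt authentication
    var appSettings = appSettingsSection.Get<AppSettings>();
    if (appSettings == null || appSettings.jwksURL == null)
    {
        // Fail with a clear message instead of a NullReferenceException during startup.
        throw new System.InvalidOperationException("AppSettings:jwksURL is not configured; cannot load the JWT signing keys.");
    }

    // Call Auth service URL to get public keys. ConfigureServices is synchronous, so the
    // async helper is blocked on here.
    // NOTE(review): the trust in every token rests on this download. Confirm jwksURL is an
    // https URL; over plain http the key set can be replaced in transit. Also confirm each
    // environment (local vs. container) resolves the same jwksURL, because a different key
    // set yields signature failures for otherwise valid tokens.
    var jwksJson = Helpers.GetKeyAsync(appSettings.jwksURL).GetAwaiter().GetResult();
    if (string.IsNullOrWhiteSpace(jwksJson))
    {
        throw new System.InvalidOperationException("The JWKS endpoint returned an empty response; cannot load the JWT signing keys.");
    }

    // load keys from JWKS
    var jwks = new JsonWebKeySet(jwksJson);
    var issuerSigningKeys = jwks.Keys.ToList();
    if (issuerSigningKeys.Count == 0)
    {
        // With no keys every token would be rejected at request time with a signature error;
        // surfacing it here makes the misconfiguration visible at startup.
        throw new System.InvalidOperationException("The JWKS document contains no keys; cannot validate JWT signatures.");
    }

    // NOTE(review): the keys are captured once. After the auth server rotates its signing
    // keys, validation fails until the process restarts. Setting Authority/MetadataAddress
    // on the handler instead lets it discover and refresh keys itself.
    services.AddAuthentication(x =>
    {
        x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(x =>
    {
        // Only governs the handler's own metadata retrieval; it does not protect the
        // manual JWKS download above.
        x.RequireHttpsMetadata = false;
        x.SaveToken = true;
        x.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKeys = issuerSigningKeys,
            // NOTE(review): with issuer and audience validation off, any token signed by a
            // key in this set is accepted, including one issued for a different API or
            // tenant of the same auth server. Set ValidIssuer and ValidAudience from
            // configuration and turn both checks on before production use.
            ValidateIssuer = false,
            ValidateAudience = false
        };
    });

    // configure DI for application services
    services.AddScoped<IUserService, UserService>();
}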
And here is my Configure method
/// <summary>
/// Builds the request pipeline: CORS first, then authentication, then MVC.
/// </summary>
/// <param name="app">The application builder the middleware is added to.</param>
/// <param name="env">The hosting environment; not used by this method.</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    // Order matters: authentication must run before MVC so that the global
    // AuthorizeFilter sees the user established from the bearer token.
    app.UseCors("AllowAnyOrigin")
       .UseAuthentication()
       .UseMvc();
}
This code works perfectly when I run the API on my local machine (IIS Express) with my Angular front end and Postman. However, when I deploy it to an OpenShift-based Linux container, I always receive a 401 error saying "The Signature is invalid". I am using the same token for authentication both locally and in the OpenShift container. I am wondering whether the Linux-based container is causing the problem.