Add the auth service to the .NET Core Startup class

Those coming from ASP.NET Core 1.x should remember that in order to configure authentication, we had to register and configure the auth middleware within the Configure method in the Startup class; each authentication scheme required its own dedicated section to initialize and configure it with the relevant settings--cookie names, URI endpoints, and so on.

In ASP.NET Core 2.x, the approach is slightly different: the authentication process is now configured via services, hence we have to register each scheme--along with its configuration settings--in the ConfigureServices method within the Startup.cs file. We still have to add the AuthenticationMiddleware to the HTTP request pipeline, but it's the only thing we have to do there.

From Solution Explorer, open the Startup.cs file, navigate to the ConfigureServices method and append the following lines, just below the Add ASP.NET Identity support block:

[...]

using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using System.Text;

[...]

// Add Authentication with JWT Tokens
services.AddAuthentication(opts =>
{
    opts.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
    opts.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    opts.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(cfg =>
{
    // development only: allows a non-HTTPS metadata address or authority
    // (the default is true)
    cfg.RequireHttpsMetadata = false;
    // keep the received token available after a successful authentication
    cfg.SaveToken = true;
    cfg.TokenValidationParameters = new TokenValidationParameters()
    {
        // standard configuration
        ValidIssuer = Configuration["Auth:Jwt:Issuer"],
        ValidAudience = Configuration["Auth:Jwt:Audience"],
        IssuerSigningKey = new SymmetricSecurityKey(
            Encoding.UTF8.GetBytes(Configuration["Auth:Jwt:Key"])),
        // no tolerance on token lifetime checks
        ClockSkew = TimeSpan.Zero,

        // security switches
        RequireExpirationTime = true,
        ValidateIssuer = true,
        ValidateIssuerSigningKey = true,
        ValidateAudience = true
    };
});

[...]

Here we added authentication support, configured the default authentication schemes, and registered the JWT bearer authentication type. Note how we split the JWT Bearer configuration settings into two parts: the standard configuration, where we have set up the required settings, and the security switches, which can optionally be set to false while debugging--in case the token fails to validate--to quickly narrow down the failure reason(s). Any switch turned off this way should be set back to true once the problem is found, since each one disables a check that the token would otherwise have to pass.
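The following console program is an added example, not code from the book's project: it issues tokens and validates them with the same TokenValidationParameters as above, so each rejection can be traced to the setting that caused it, including the effect of ClockSkew = TimeSpan.Zero compared with a five-minute tolerance. The issuer, audience and key strings, and the JwtValidationDemo, NewKey, Issue and Check names, are constructed for illustration; it assumes the System.IdentityModel.Tokens.Jwt package is referenced.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public static class JwtValidationDemo
{
    // Constructed sample values; the real ones come from Auth:Jwt:* in the configuration.
    const string Issuer = "https://issuer.example";
    const string Audience = "https://audience.example";
    static readonly SymmetricSecurityKey Key = NewKey("constructed-demo-key-0123456789-abcdef");
    static SymmetricSecurityKey NewKey(string secret) =>
        new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));

    // Issues an HS256-signed token that expires expiresInMinutes from now (negative = already expired).
    static string Issue(string iss, string aud, SecurityKey key, int expiresInMinutes)
    {
        var now = DateTime.UtcNow;
        var token = new JwtSecurityToken(iss, aud, claims: null,
            notBefore: now.AddMinutes(-10), expires: now.AddMinutes(expiresInMinutes),
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    // Validates with the same switches as the Startup.cs block; only the clock skew varies.
    static void Check(string label, string jwt, TimeSpan skew)
    {
        var tvp = new TokenValidationParameters
        {
            ValidIssuer = Issuer, ValidAudience = Audience, IssuerSigningKey = Key,
            ClockSkew = skew, RequireExpirationTime = true, ValidateIssuer = true,
            ValidateIssuerSigningKey = true, ValidateAudience = true
        };
        try
        {
            new JwtSecurityTokenHandler().ValidateToken(jwt, tvp, out SecurityToken validated);
            Console.WriteLine($"{label}: accepted");
        }
        catch (SecurityTokenException ex) { Console.WriteLine($"{label}: rejected ({ex.GetType().Name})"); }
    }

    public static void Main()
    {
        Check("valid token", Issue(Issuer, Audience, Key, 5), TimeSpan.Zero);
        Check("wrong audience", Issue(Issuer, "https://other.example", Key, 5), TimeSpan.Zero);
        Check("wrong signing key", Issue(Issuer, Audience, NewKey("another-constructed-key-0123456789-xyz"), 5), TimeSpan.Zero);
        Check("expired 1 min ago, zero skew", Issue(Issuer, Audience, Key, -1), TimeSpan.Zero);
        Check("expired 1 min ago, 5 min skew", Issue(Issuer, Audience, Key, -1), TimeSpan.FromMinutes(5));
    }
}
```

The last two calls validate the same kind of token: with a five-minute skew a token that expired a minute ago is still accepted, which is the window that ClockSkew = TimeSpan.Zero closes.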

Note that in ASP.NET Core 2.x, multiple auth types can now be chained using fluent code syntax, so we can even accept something else beside JWT tokens; we'll make good use of this convenient feature later on.

Don't miss the lines in the preceding code that read Configuration["Auth:Jwt:Issuer"], Configuration["Auth:Jwt:Audience"], and Configuration["Auth:Jwt:Key"]; they're supposed to fetch values from the AppSettings configuration file that don't exist yet, but will soon.

We're not done with the Startup.cs file; we still need to add the authentication middleware to the HTTP pipeline. Scroll down to the Configure method and add the following lines right before the MVC middleware, so that requests are authenticated before they reach the controllers:

[...]

// Add the AuthenticationMiddleware to the pipeline
app.UseAuthentication();

app.UseMvc(routes =>

[...]

Now we're done.
