AspNetCore 2.1 Bearer Token Authentication - Current user is empty

asp.net-core asp.net-identity c# entity-framework-core jwt

Question

I've an application that requests a token when the user signs in. That token is then passed with the following header:

Authorization: Bearer <TOKEN>

I've the following code on my startup.cs (aspnet core 2.1):

public void ConfigureServices(IServiceCollection services)
{
    services.AddMvcCore()
            .SetCompatibilityVersion(CompatibilityVersion.Latest)
            .AddFormatterMappings()
            .AddJsonFormatters()
            .AddCors()
            .AddAuthorization(o =>
            {
                o.DefaultPolicy = new AuthorizationPolicyBuilder(JwtBearerDefaults.AuthenticationScheme)
                 .RequireAuthenticatedUser()
                 .Build();
            });

    /* Code... */

    ConfigureAuthentication(services);

    /* Code... */
}

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    app.UseAuthentication()
       .UseMiddleware<ExceptionMiddleware>(container)
       .UseCors(x =>
       {
           x.WithOrigins("*")
           .AllowAnyMethod()
           .AllowCredentials()
           .AllowAnyHeader()
           .Build();
       });

    /* Code... */
}

private void ConfigureAuthentication(IServiceCollection services)
{
    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(options =>
    {
        var tokenProvider = new HumbleTokenProvider(container);
        options.TokenValidationParameters = tokenProvider.GetValidationParameters();
        options.RequireHttpsMetadata = false;
    });
}

To create tokens when the user sign in, I've TokenProvider service:

public class RsaJwtTokenProvider : ITokenProvider
{
    readonly IConfiguration configuration;
    readonly IDateFactory dateFactory;

    readonly RsaSecurityKey _key;
    readonly string _algorithm;
    readonly string _issuer;
    readonly string _audience;

    public RsaJwtTokenProvider(
            IConfiguration configuration,
            IDateFactory dateFactory
        )
    {
        this.configuration = configuration;
        this.dateFactory = dateFactory;

        var parameters = new CspParameters { KeyContainerName = configuration.GetSection("TokenAuthentication:SecretKey").Value };
        var provider = new RSACryptoServiceProvider(2048, parameters);

        _key = new RsaSecurityKey(provider);

        _algorithm = SecurityAlgorithms.RsaSha256Signature;
        _issuer = configuration.GetSection("TokenAuthentication:Issuer").Value;
        _audience = configuration.GetSection("TokenAuthentication:Audience").Value;
    }

    public (string Token, int Expires) CreateToken(string userName, string UserId)
    {
        JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();

        var claims = new List<Claim>()
        {
            new Claim(ClaimTypes.NameIdentifier, UserId),
            new Claim(ClaimTypes.Name, userName)
        };

        ClaimsIdentity identity = new ClaimsIdentity(claims, "jwt");

        int expiresIn = int.Parse(configuration.GetSection("TokenAuthentication:Validaty").Value);
        DateTime expires = dateFactory.Now.AddMinutes(expiresIn).ToUniversalTime();
        SecurityToken token = tokenHandler.CreateJwtSecurityToken(new SecurityTokenDescriptor
        {
            Audience = _audience,
            Issuer = _issuer,
            SigningCredentials = new SigningCredentials(_key, _algorithm),
            Expires = expires,
            Subject = identity
        });

        return (tokenHandler.WriteToken(token), expiresIn);
    }

    public TokenValidationParameters GetValidationParameters()
    {

        return new TokenValidationParameters
        {
            // The signing key must match!
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = _key,

            // Validate the JWT Issuer (iss) claim
            ValidateIssuer = true,
            ValidIssuer = _issuer,
            // Validate the JWT Audience (aud) claim
            ValidateAudience = true,
            ValidAudience = _audience,

            // Validate the token expiry
            ValidateLifetime = true,
            // If you want to allow a certain amount of clock drift, set that here:
            ClockSkew = TimeSpan.Zero
        };
    }
}

As you can see, TokenValidationParameters used in AddJwtBearer is provided by the code above GetValidationParameters.

My first perception on this, was that none of the startup authorization/authentication methods checked for the token, or at least I'm not providing it besides the TokenValidationParameters.

I assumed that it worked because of the Token composition and the service would decompose it to extract the current user and insert it into Identity.

However, when I call userManager.GetUserId(user) it returns null.

public string CurrentUser
{
    get
    {
        var user = accessor.HttpContext?.User;
        if (user != null)
            return userManager.GetUserId(user);
        return null;
    }
}

The content of user is the following:

S1 S2

What am I doing wrong?

Screenshot Claims (Token creation)

S3

Update

With the help of Mohammed Noureldin I've discovered that I didn't have claims in my CurrentUser property.

After putting [Authorize] in my controller it started working. However, I need it to work on anonymous actions too... Any idea?

1
3
6/3/2018 9:23:48 PM

Fastest Entity Framework Extensions

Bulk Insert
Bulk Delete
Bulk Update
Bulk Merge

Popular Answer

If I understood your problem correctly, you are not able to get who is the current logged in User from the Identity.

You need to add Name claim to your ClaimsIdentity, which will automatically be translated to Name property of Identity property.

Here is an example:

var claims = new List<Claim>
{
    new Claim(ClaimTypes.Name, "SomeName or Id")
};

and add any other claim you need to this list, and then create your ClaimsIdentity:

ClaimsIdentity identity = new ClaimsIdentity(claims, "jwt");

UPDATE:

I did not notice before that you are trying to add Claims (and the whole Identity) inside your authorization process. That is not how it should be. Adding claims should happen inside authentication, not authorization.

1
6/3/2018 9:48:20 PM

Related Questions

AspNet.Identity Custom User and Custom Role should be simple; what am I missing?

Using examples from ...http://www.asp.net/identity... I've gotten this far. The ...RoleManager... works flawlessly and I treat the ...UserManager... the same. I think everything is correct, but I can't seem to new up a ...UserManager... correctly in a controller. What is wrong? At one point, I was successfully getting the ...UserManager... to wo...
asp.net-identity asp.net-mvc asp.net-mvc-5 entity-framework entity-framework-6
asked by Sean Newcome

Proper way to get current User ID in Entity Framework Core

There are a bunch of different answers floating around here for the different RC's of ASP.NET Core on how to get the ID of the currently logged in user. I wanted to ask the definite question here. Please note that project.json now has "Microsoft.AspNetCore.Identity.EntityFrameworkCore": "1.0.0"...With RC1, you could do something like this:...using ...
asp.net-core asp.net-identity entity-framework-core
asked by Reza

User Authentication with EntityFrameworkCore and MySQL DB not working

I am developing a .Net Core Web Application using Entity Framework and MySQL and when I try to register as a user, I get the following message....An unhandled exception occurred while processing the request. InvalidOperationException: Connection must be valid and open to commit transaction MySql.Data.MySqlClient.MySqlTransaction.Commit() ...This is...
.net-core asp.net-ajax asp.net-core c# entity-framework-core
asked by k3ra

Is it possible/advisable to seed Users/Roles using the EFCore 2.1 Data Seeding system?

As of EFCore 2.1 it's possible to seed data using the DbContext OnModelCreating method....https://docs.microsoft.com/en-us/ef/core/modeling/data-seeding...However user/role creation is usually handled by a UserManager/RoleManager....Now, I can manually create a Role or User - but for example in the case of a User I need to hash the password myself ...
asp.net-core entity-framework-core
asked by David Kirkpatrick

.NET Core 2.1 Identity get all users with their associated roles

I'm trying to pull out all my Identity users and their associated roles for a user management admin page. I thought this would be reasonably easy but apparently not. I've tried following the following solution: ...https://stackoverflow.com/a/43562544/5392786... but it hasn't worked out so far....Here is what I have so far:...ApplicationUser:...publ...
asp.net-core asp.net-core-identity c# entity-framework-core mysql
asked by Andy Furniss

.NET Core 2.1 and EF Framework 2.1

I'm trying to replace a web service that provides information to a mobile app via ODATA 4. The current application is using EF6 and works without error....I have subsequently built a NEW .NET Core 2.1.1, using EF 2.1 and Core Odata 7.0.1. Everything seems to be functioning property when run on IISExpress through the Visual Studio 2017 interface. ..
.net-core c# entity-framework entity-framework-core odata
asked by Stewart Basterash

How to access DbContext in viewmodel with AspNetCore 2.1?

Using DropDown input fields is very common when you want to display a description while saving an ID in your database. If I consider my Person model, I have PersonViewModel which has a SelectList used to display a list of possible Job Descriptions... public SelectList SelectJobDescription { get { MyDbContext _cont...
asp.net-core-2.1 dbcontext entity-framework-core viewmodel
asked by kranz

Entity Framework core 2.1 Using AsNoTracking with multiple Async gives InvalidOperationException: The connection was not closed

I have run two Async methods using Entity Framework 2.1 - one for selecting the total count and another for retrieving page data - and I marked my entity AsNoTracking as following:...var dbContext = new SamuraiAppDataCoreContext(); var query = dbContext.Samurais.AsNoTracking(); var pageQuery = query.Skip(0).Take(10); var totalCountTask = query.Co...
async-await asynchronous c# entity-framework-core
asked by Mina Matta

How to get SelectList for the current user

I am trying to get the selectlist of customers/products/categories from the database. the selectlist will only show the selectlist of customer/product/categories of the current user/current logged in user....But I am only getting the first item belonging to the current logged user....In the database, each users has applicationUserId...I am supposed...
asp.net-core asp.net-mvc c# entity-framework entity-framework-core
asked by techstack

Invalid token in ASP.NET CORE 2.1?

I am trying to confirm the email, but the moment I try to confirm it, it indicates that the token is invalid, validate the token with a stop point and it is correct, I do not know what could be happening,...This is my method that sends me the email with the user and the token,...This is the method when I am trying to confirm the email and it is the...
asp.net-core entity-framework-core
asked by Frankenstainero

Fastest Entity Framework Extensions

Bulk Insert
Bulk Delete
Bulk Update
Bulk Merge
View more on Stack Overflow

Prime Library

Performance

Expression Evaluator

More Projects...

Related

Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow
Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow