
@mac2000
Last active May 18, 2020 11:26
dotnet multiple jwt bearer

In this demo API we configure two JWT bearer authentication schemes:

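// The signing keys are hard-coded for the demo only; a real service would load
// them from configuration or a secret store and keep them out of source control.
services
    .AddAuthentication() // no default scheme: JwtBearerDefaults.AuthenticationScheme removed
    .AddJwtBearer("demo1", options => options.TokenValidationParameters = new TokenValidationParameters // named scheme "demo1" added
    {
        // The /demo1 endpoint issues tokens with issuer and audience "demo1" and a
        // one-day expiry, so these checks can stay enabled without breaking the demo.
        ValidateIssuer = true,
        ValidIssuer = "demo1",
        ValidateAudience = true,
        ValidAudience = "demo1",
        ValidateLifetime = true,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("1111111111111111111111111111111111"))
    })
    .AddJwtBearer("demo2", options => options.TokenValidationParameters = new TokenValidationParameters // named scheme "demo2" added
    {
        // Same checks for the second scheme, matched to what /demo2 issues.
        ValidateIssuer = true,
        ValidIssuer = "demo2",
        ValidateAudience = true,
        ValidAudience = "demo2",
        ValidateLifetime = true,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("2222222222222222222222222222222222"))
    });

// Default policy changed: it names both schemes, so a plain [Authorize] accepts a
// request whose bearer token validates under either "demo1" or "demo2".
services.AddAuthorization(options => options.DefaultPolicy = new AuthorizationPolicyBuilder()
    .RequireAuthenticatedUser()
    .AddAuthenticationSchemes("demo1", "demo2")
    .Build());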

The API also has two dedicated endpoints (/demo1, /demo2) that generate tokens, which lets us test that everything works. These endpoints require no authentication themselves, so they are suitable for a local demo only:

# Ask each token endpoint for a JWT signed with that scheme's key.
$demo1 = Invoke-RestMethod -Uri http://localhost:5000/demo1
$demo2 = Invoke-RestMethod -Uri http://localhost:5000/demo2

# Build one Authorization header per token, then call the protected endpoint with each.
$demo1Headers = @{ Authorization = "Bearer $demo1" }
$demo2Headers = @{ Authorization = "Bearer $demo2" }
Invoke-RestMethod -Uri http://localhost:5000/whoami -Headers $demo1Headers
Invoke-RestMethod -Uri http://localhost:5000/whoami -Headers $demo2Headers

Links

using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.IdentityModel.Tokens;
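/// <summary>
/// Demo controller: a health check, a protected identity echo, and two
/// token-issuing endpoints used to exercise the "demo1" and "demo2" bearer schemes.
/// </summary>
[ApiController]
public class DefaultController : ControllerBase
{
    /// <summary>Unauthenticated liveness check.</summary>
    [HttpGet]
    [Route("/ping")]
    public string Ping() => "Pong";

    /// <summary>
    /// Echoes the caller's identity. Protected by the default authorization policy,
    /// so it only runs for a request that carried an accepted bearer token.
    /// </summary>
    [Authorize]
    [HttpGet]
    [Route("/whoami")]
    public object WhoAmI() => new
    {
        IsAuthenticated = User.Identity.IsAuthenticated,
        Name = User.Identity.Name,
        AuthenticationType = User.Identity.AuthenticationType
    };

    /// <summary>
    /// Builds an HS256-signed JWT whose issuer and audience are both <paramref name="demo"/>.
    /// </summary>
    /// <param name="demo">Scheme name; also used as issuer, audience and the local part of the name/email claims.</param>
    /// <param name="secret">Shared HMAC secret used to sign the token.</param>
    /// <returns>The serialized compact JWT.</returns>
    private string GenerateTokenFor(string demo, string secret)
    {
        // Take one timestamp so notBefore and expires are derived from the same instant.
        var issuedAt = DateTime.UtcNow;

        // UTF-8 matches the encoding the validation side uses for IssuerSigningKey.
        // Encoding.ASCII would replace any non-ASCII character with '?', which both
        // weakens the key and makes it differ from the validator's key bytes.
        var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));

        var token = new JwtSecurityToken(
            issuer: demo,
            audience: demo,
            claims: new[]
            {
                new Claim(ClaimTypes.Name, demo + "@acme.com"),
                new Claim(ClaimTypes.Email, demo + "@acme.com")
            },
            notBefore: issuedAt,
            expires: issuedAt.AddDays(1),
            signingCredentials: new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256));

        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    // The two endpoints below carry no [Authorize]: any client that can reach the
    // service can obtain a valid token. That is intended for this local demo only.
    // The secrets are hard-coded for the same reason and must match the keys
    // registered for the bearer schemes in Startup.

    /// <summary>Issues a token for the "demo1" scheme.</summary>
    [HttpGet]
    [Route("demo1")]
    public string GetDemo1Token() => GenerateTokenFor("demo1", "1111111111111111111111111111111111");

    /// <summary>Issues a token for the "demo2" scheme.</summary>
    [HttpGet]
    [Route("demo2")]
    public string GetDemo2Token() => GenerateTokenFor("demo2", "2222222222222222222222222222222222");
}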
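/// <summary>
/// Registers JWT bearer authentication (one scheme or two named schemes) and the
/// request pipeline for the demo API.
/// </summary>
public class Startup
{
    // Demo-only HMAC secrets. They are committed here so the sample runs as-is; a
    // real service would read them from configuration or a secret store.
    private const string Demo1Secret = "1111111111111111111111111111111111";
    private const string Demo2Secret = "2222222222222222222222222222222222";

    /// <summary>
    /// Builds validation parameters for one scheme. Issuer, audience and lifetime
    /// checks are enabled: the token endpoints issue tokens whose issuer and
    /// audience equal the scheme name and which expire after one day, so switching
    /// the checks off would only let mismatched or expired tokens through.
    /// </summary>
    /// <param name="scheme">Scheme name, expected as both issuer and audience.</param>
    /// <param name="secret">Shared HMAC secret the token must be signed with.</param>
    private static TokenValidationParameters ValidationFor(string scheme, string secret) => new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidIssuer = scheme,
        ValidateAudience = true,
        ValidAudience = scheme,
        ValidateLifetime = true,
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret))
    };

    /// <summary>Single-scheme variant: one default JWT bearer scheme using the demo1 key.</summary>
    private void Single(IServiceCollection services)
    {
        services
            .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options => options.TokenValidationParameters = ValidationFor("demo1", Demo1Secret));
    }

    /// <summary>
    /// Two-scheme variant: registers "demo1" and "demo2" with separate keys and
    /// makes the default authorization policy try both.
    /// </summary>
    private void Multi(IServiceCollection services)
    {
        services
            .AddAuthentication() // no default scheme: JwtBearerDefaults.AuthenticationScheme removed
            .AddJwtBearer("demo1", options => options.TokenValidationParameters = ValidationFor("demo1", Demo1Secret))
            .AddJwtBearer("demo2", options => options.TokenValidationParameters = ValidationFor("demo2", Demo2Secret));

        // Default policy changed: it names both schemes, so a plain [Authorize]
        // accepts a request whose token validates under either of them.
        services.AddAuthorization(options => options.DefaultPolicy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .AddAuthenticationSchemes("demo1", "demo2")
            .Build());
    }

    /// <summary>Registers authentication, authorization and MVC controllers.</summary>
    public void ConfigureServices(IServiceCollection services)
    {
        // Single(services);
        Multi(services);
        services.AddControllers();
    }

    /// <summary>Builds the request pipeline.</summary>
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        app.UseRouting();

        // Authentication must run before authorization so the policy sees the
        // identity produced by the bearer handlers.
        app.UseAuthentication();
        app.UseAuthorization();

        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}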
/// <summary>Process entry point for the demo API.</summary>
public static class Program
{
    /// <summary>Builds the host from the command-line arguments and runs it.</summary>
    public static void Main(string[] args)
    {
        var host = CreateHostBuilder(args).Build();
        host.Run();
    }

    /// <summary>Creates the default host builder with <c>Startup</c> as the web startup class.</summary>
    public static IHostBuilder CreateHostBuilder(string[] args)
    {
        var builder = Host.CreateDefaultBuilder(args);
        return builder.ConfigureWebHostDefaults(web => web.UseStartup<Startup>());
    }
}
# Ask each token endpoint for a JWT signed with that scheme's key.
$demo1 = Invoke-RestMethod -Uri http://localhost:5000/demo1
$demo2 = Invoke-RestMethod -Uri http://localhost:5000/demo2

# Build one Authorization header per token, then call the protected endpoint with each.
$demo1Headers = @{ Authorization = "Bearer $demo1" }
$demo2Headers = @{ Authorization = "Bearer $demo2" }
Invoke-RestMethod -Uri http://localhost:5000/whoami -Headers $demo1Headers
Invoke-RestMethod -Uri http://localhost:5000/whoami -Headers $demo2Headers