Wednesday, September 12, 2018

How to combine Windows authentication and JWT with .NET Core 2.1


I have tried to use Windows authentication and JWT together with .NET Core 2.1.

I have the following startup settings for authentication:

    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = IISDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            ValidIssuer = "Test",
            ValidAudience = "Test",
            IssuerSigningKey = JwtSecurityKey.Create("677efa87-aa4d-42d6-adc8-9f866e5f75f7")
        };

        options.Events = new JwtBearerEvents()
        {
            OnAuthenticationFailed = OnAuthenticationFailed
        };
    });

IIS settings:

    "iisSettings": {
        "windowsAuthentication": true,
        "anonymousAuthentication": true,
        ..
    }

I have tried the following code snippet to create the JWT token with Windows authentication:

    [Route("api/[controller]")]
    [ApiController]
    [Authorize(AuthenticationSchemes = "Windows")]
    public class AuthController : ControllerBase
    {
        [HttpPost("token")]
        public IActionResult Token()
        {
            // Setup claims
            var claims = new[]
            {
                new Claim(ClaimTypes.Name, User.Identity.Name),
                // Add additional claims
            };

            // Read signing symmetric key
            var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("677efa87-aa4d-42d6-adc8-9f866e5f75f7"));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            // Create a token
            var token = new JwtSecurityToken(
                issuer: "Test",
                audience: "Test",
                claims: claims,
                expires: DateTime.Now.AddMinutes(30),
                signingCredentials: creds);

            // Return signed JWT token
            return Ok(new
            {
                token = new JwtSecurityTokenHandler().WriteToken(token)
            });
        }
    }

And in another controller I need to use only JWT authentication:

    [Route("api/[controller]")]
    [ApiController]
    [Authorize(AuthenticationSchemes = "Bearer")]
    public class ProductController : ControllerBase
    {
        [HttpGet]
        public IActionResult Get()
        {
            var userName = User.Identity.Name;

            var claims = User.Claims.Select(x => new { x.Type, x.Value });

            return Ok(new { userName, claims });
        }
    }

If the JWT token is expired, I correctly receive the response code 401, but I still get the browser dialog asking for credentials.

How can I configure Windows authentication only for the part where I create the JWT token, and disable the response that is responsible for showing the browser credentials dialog? How do I correctly combine these things?

1 Answer

Answer 1

This answer might help: https://stackoverflow.com/a/51055082/1212994

You need to ensure that you are NOT setting the Authorization: Bearer HTTP header when you are trying to use Windows Auth. The key point here is how "Windows Auth" actually works. Let's look at how it works with a browser, for example.
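One way to express the answer's point in configuration, as an added example that is not code from the question or the linked answer: a policy scheme forwards each request to exactly one concrete scheme, chosen by whether an Authorization: Bearer header is present, so the Windows handler is only asked to authenticate (and challenge) requests that carry no token. The scheme name "WindowsOrBearer" and the Jwt:Issuer, Jwt:Audience and Jwt:Key configuration keys are assumptions, used instead of the literals in the question.

```csharp
using System;
using System.Text;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Server.IISIntegration;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public static class AuthenticationSetup
{
    // Assumed scheme name for the combined policy scheme.
    public const string CombinedScheme = "WindowsOrBearer";

    public static void AddWindowsOrBearer(this IServiceCollection services, IConfiguration configuration)
    {
        services.AddAuthentication(options =>
        {
            // Authenticate, challenge and forbid all go through the selector below.
            options.DefaultScheme = CombinedScheme;
        })
        .AddPolicyScheme(CombinedScheme, "Windows or JWT", options =>
        {
            options.ForwardDefaultSelector = context =>
            {
                string header = context.Request.Headers["Authorization"];
                bool hasBearer = !string.IsNullOrEmpty(header)
                    && header.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase);
                // A request carrying a Bearer token is validated (and, on failure, challenged)
                // by the JWT handler; anything else goes to Windows auth, which IIS performs.
                return hasBearer ? JwtBearerDefaults.AuthenticationScheme
                                 : IISDefaults.AuthenticationScheme;
            };
        })
        .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                ValidIssuer = configuration["Jwt:Issuer"],     // assumed config keys, so the
                ValidAudience = configuration["Jwt:Audience"], // signing key is not a literal
                IssuerSigningKey = new SymmetricSecurityKey(   // duplicated across the code base
                    Encoding.UTF8.GetBytes(configuration["Jwt:Key"]))
            };
        });
    }
}
```

Controllers protected only by a JWT can then use a plain [Authorize]; the token endpoint should keep its explicit Windows scheme so that an already issued token can never be used to mint a fresh one.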
