[Archived] Middleware for security and authorization of web apps. Project moved to https://github.com/aspnet/AspNetCore
JwtSecurityTokenHandler.CreateJwtSecurityToken renaming Claim Type Names. #1829
Closed
TobyMosque closed 6 years ago
I'm trying to secure my web tokens using Aes256CbcHmacSha512, but when I create the SecurityToken calling JwtSecurityTokenHandler.CreateToken Method (SecurityTokenDescriptor), the claims' type names are updated.
Because of that, the role-based authorization didn't work as expected (AuthorizationAttribute.Roles didn't work and I can't get the Current User).
AppSettings.Keys.cs
Startup.cs
AuthController.cs
Reproducing the problem:
Creating the User:
Request
Response Headers - HttpStatus 200
Authenticating
Request
Response Body
Response Headers - HttpStatus 200
ClaimIdentity
SecurityToken
Getting Roles
Request
Response Headers - HttpStatus 500
Retrieving Current User
Claims on Current Context
Is Admin
Request
Response Headers - HttpStatus 403
That behavior didn't happen when I create a SecurityToken without an EncryptingCredentials.
Startup.cs
AuthController.cs
SecurityToken
Token Validated
Current User