1

I have an ASP.NET MVC application that must only be accessed by users that are logged in.

We are implementing PingAccess and PingFederate that intercepts traffic to our application and forces the user to log in before it even hits our application.

Once authenticated PingAccess sets a cookie containing a JWT token and I can read this inside an MVC controller and abstract the claims (sample below) but I need to be able to set the User.Identity object and ensure that IsAuthenticated is true so that I can use the standard Authorize attribute on all of our controllers.

var cookie = this.Request.Cookies.Get("PA.mycookie");
var jwtTokenString = cookie.Value;
var jwtToken = new JwtSecurityToken(jwtTokenString);
var claims = jwtToken.Claims;

Could anyone point me in the right direction?

Many thanks

Craig Broadman
  • 185
  • 3
  • 8

1 Answers1

0

If the goal of going after the User.Identity object and the IsAuthenticated attribute is just to ensure that your Authorize attribute works, then the way to do that via jwt tokens requires some setup in Startup.cs via ConfigureOAuthTokenConsumption. The second answer in this post has some example code that may set you on the right track: How to use JWT in MVC application for authentication and authorization?.

RyeBread
  • 170
  • 1
  • 9