I have a Web API application built for the .NET Standard 2.0 framework (not .NET Core) that configures OAuth2 security for a single issuer. I need to add support for an additional issuer so that the API can handle both JWT token formats and restrict individual API methods to only one issuer.

I found this excellent article, "Use multiple JWT Bearer Authentication", that's applicable to .NET Core, but because my application relies on a third-party SDK that does not support .NET Core, I can't upgrade my application to utilize it.

I'm hoping there's a way to do this with .NET Standard, but thus far I haven't found anything on point (tons of .NET Core articles though).

Sample code:

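    using System.Configuration;
    using Microsoft.Owin.Security.Jwt;
    using Microsoft.Owin.Security.OAuth;
    using Owin;

    public void ConfigureAuth(IAppBuilder app)
    {
        // Configuration: issuer base URL, authorization server ID and audience come from appSettings
        var url = ConfigurationManager.AppSettings["url"];
        var authorizationServerId = ConfigurationManager.AppSettings["authorizationServerId"];
        var clientID = ConfigurationManager.AppSettings["clientId"];
        var oauthIssuer = $"{url}{authorizationServerId}";

        // Accept only tokens issued by this one issuer for this one audience
        var tvps = new System.IdentityModel.Tokens.TokenValidationParameters
        {
            ValidAudience = clientID,
            ValidateAudience = true,
            ValidIssuer = oauthIssuer,
            ValidateIssuer = true,
        };

        // Bearer middleware that validates JWTs using the issuer's OpenID Connect discovery document
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
        {
            AccessTokenFormat = new JwtFormat(tvps,
                new OpenIdConnectCachingSecurityTokenProvider(oauthIssuer + "/.well-known/openid-configuration")),
        });
    }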
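
One way to meet the requirement described above with the OWIN (Katana) bearer middleware and Web API 2, shown as an added example that is not part of the original post. The scheme names, the `issuerA`/`audienceA`/`issuerB`/`audienceB` appSettings keys and `OrdersController` are hypothetical; `OpenIdConnectCachingSecurityTokenProvider` is the class already used in the sample code.

```csharp
using System.Configuration;
using System.IdentityModel.Tokens;
using System.Web.Http;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Jwt;
using Microsoft.Owin.Security.OAuth;
using Owin;

public partial class Startup
{
    // Hypothetical scheme names, one per issuer.
    public const string IssuerA = "IssuerA";
    public const string IssuerB = "IssuerB";

    public void ConfigureAuth(IAppBuilder app)
    {
        // The appSettings keys below are assumptions for this example.
        AddIssuer(app, IssuerA, Setting("issuerA"), Setting("audienceA"));
        AddIssuer(app, IssuerB, Setting("issuerB"), Setting("audienceB"));
    }

    private static string Setting(string key) => ConfigurationManager.AppSettings[key];

    private static void AddIssuer(IAppBuilder app, string scheme, string issuer, string audience)
    {
        var tvps = new TokenValidationParameters
        {
            ValidAudience = audience, ValidateAudience = true,
            ValidIssuer = issuer, ValidateIssuer = true,
        };
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
        {
            AuthenticationType = scheme,
            // Passive: the token is validated only when an action asks for this scheme.
            AuthenticationMode = AuthenticationMode.Passive,
            AccessTokenFormat = new JwtFormat(tvps,
                new OpenIdConnectCachingSecurityTokenProvider(issuer + "/.well-known/openid-configuration")),
        });
    }
}

public class OrdersController : ApiController
{
    [HostAuthentication(Startup.IssuerA), Authorize]
    public IHttpActionResult GetForIssuerA() => Ok("issuer A only");

    [HostAuthentication(Startup.IssuerB), Authorize]
    public IHttpActionResult GetForIssuerB() => Ok("issuer B only");
}
```

Because both middlewares are passive, neither sets the request principal on its own, so an action that carries `[Authorize]` without a `[HostAuthentication]` attribute rejects every bearer token unless the host supplies a principal. Each issuer keeps its own audience, issuer check and signing keys, so a token from issuer B never validates against issuer A's parameters.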
 
    