Here is some context for my problem. I have a server that runs a few APIs. The API can be called from another computer over the network, and I will use a JWT signed by an X509 certificate. This can trigger one API to call another API requiring elevated access. I tried to research the best way to do this and came up with using certificates for authentication between APIs. I doubt enabling both middlewares for certificate authentication and JWT validation will work. Is there a way to enable both authorization methods correctly, such that if the request is internal, it will use the certificate and if it is external it will use JWTs? Or maybe there is a better way to do this that I'm unaware of?
-
Back in the days with OWIN I managed to make use of two different authentication methods. Just added the middlewares in the right order. Each one could check if the user was already authenticated and just proceed. I would think that this is also possible with .NET Core. Just some thoughts – Michael Jun 11 '20 at 19:17
-
https://stackoverflow.com/questions/49694383/use-multiple-jwt-bearer-authentication – Michael Jun 11 '20 at 19:22
-
Thanks Michael. I would look into the multiple JWTs suggestion as well – David hehe Jun 12 '20 at 00:59
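
One way to register both schemes side by side and let each endpoint name the one it accepts, as an added example that is not part of the original question or comments. It assumes ASP.NET Core 6+ minimal hosting with implicit usings and the `Microsoft.AspNetCore.Authentication.JwtBearer` and `Microsoft.AspNetCore.Authentication.Certificate` packages; the file path, issuer, audience, thumbprint placeholder, policy names and routes are all hypothetical.

```csharp
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Authentication.Certificate;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Server.Kestrel.Https;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);
// Request a client certificate in the TLS handshake without requiring one,
// so callers that only carry a JWT can still connect.
builder.WebHost.ConfigureKestrel(k => k.ConfigureHttpsDefaults(
    h => h.ClientCertificateMode = ClientCertificateMode.AllowCertificate));
// Placeholders: public cert matching the JWT signing key, and the internal caller's cert.
var jwtSigningCert = new X509Certificate2("jwt-signing.cer");
const string internalThumbprint = "<INTERNAL-CLIENT-CERT-THUMBPRINT>";
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(o => o.TokenValidationParameters = new TokenValidationParameters
    {
        IssuerSigningKey = new X509SecurityKey(jwtSigningCert),
        ValidIssuer = "https://issuer.example", // assumed value
        ValidAudience = "my-api"                // assumed value
    })
    .AddCertificate(o =>
    {
        o.AllowedCertificateTypes = CertificateTypes.Chained;
        o.Events = new CertificateAuthenticationEvents
        {
            // Chain validation accepts any certificate from a trusted CA,
            // so also pin the one certificate the internal APIs present.
            OnCertificateValidated = ctx =>
            {
                if (!internalThumbprint.Equals(ctx.ClientCertificate.Thumbprint,
                        StringComparison.OrdinalIgnoreCase))
                    ctx.Fail("Unexpected client certificate");
                return Task.CompletedTask;
            }
        };
    });
builder.Services.AddAuthorization(o =>
{
    // Each policy names exactly one scheme, so a JWT never satisfies "Internal".
    o.AddPolicy("External", p => p
        .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme).RequireAuthenticatedUser());
    o.AddPolicy("Internal", p => p
        .AddAuthenticationSchemes(CertificateAuthenticationDefaults.AuthenticationScheme).RequireAuthenticatedUser());
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/public-api", () => "authenticated by JWT").RequireAuthorization("External");
app.MapGet("/elevated-api", () => "authenticated by certificate").RequireAuthorization("Internal");
app.Run();
```

Binding each policy to a single scheme keeps the elevated endpoint from accepting a valid external JWT, which a combined "either scheme" default would allow.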