Double authentication using Jwt bearer .net core 5

elseforty 21 Reputation points
2021-11-28T17:34:08.49+00:00

Hi,

I'm trying to implement a double authentication layer in a .NET Core 5 API. The validation should be done in two steps:

  • the first one is to validate the authentication for the super user,
  • the second step is to validate the authentication for the simple user if the first step is OK.

I want to implement the authentication at the Ocelot API gateway level. I don't know how I can implement this. I've added the two JWT bearer configurations in the startup file, but it does not work, since the validation can be done using both JWT bearers instead of validating using the JWT bearer for the super user and, if OK, then trying to validate using the JWT bearer for the simple user.

Any thoughts about this are really appreciated.

startup.cs file

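using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
using Ocelot.DependencyInjection;

public class Startup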
{
    public void ConfigureServices(IServiceCollection services)
    {

        // Adding Authentication 
        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        })
            // Adding Jwt Bearer 
            .AddJwtBearer("SimpleUsersBearer",options =>
            {
                options.SaveToken = true;
                options.RequireHttpsMetadata = false;
                options.TokenValidationParameters = new TokenValidationParameters()
                {
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("MySecretKey")),
                    ValidateIssuerSigningKey = true,
                    ValidateIssuer = false,
                    ValidateAudience=false,

                };
            }).AddJwtBearer("SuperUsersBearer", options =>
            {
                options.SaveToken = true;
                options.RequireHttpsMetadata = false;
                options.TokenValidationParameters = new TokenValidationParameters()
                {
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("MySecretKey")),
                    ValidateIssuerSigningKey = true,
                    ValidateIssuer = false,
                    ValidateAudience = false,

                };
            });

        services.AddAuthorization(options =>
        {
            options.DefaultPolicy = new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .AddAuthenticationSchemes("SimpleUsersBearer")
                .AddAuthenticationSchemes("SuperUsersBearer")
                .Build();
        });

        services.AddOcelot();
    }
}
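One way to get the "super user first, then simple user" ordering the question asks for, as an added example that is not part of the original post: a middleware that authenticates against each named scheme explicitly and stops at the first failure, instead of relying on a policy that lists both schemes. It assumes the super-user token arrives in a hypothetical `X-Super-Authorization` header and the simple-user token in the standard `Authorization` header; `TwoStepJwt`, `SuperTokenEvents` and `UseTwoStepJwt` are illustrative names.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;

public static class TwoStepJwt
{
    // Scheme names as passed to AddJwtBearer(...); the header name is hypothetical.
    private const string SuperScheme = "SuperUsersBearer";
    private const string SimpleScheme = "SimpleUsersBearer";
    private const string SuperHeader = "X-Super-Authorization";

    // Assign to options.Events of the super-user scheme so it reads only its own header.
    public static JwtBearerEvents SuperTokenEvents() => new JwtBearerEvents
    {
        OnMessageReceived = ctx =>
        {
            string value = ctx.Request.Headers[SuperHeader];
            if (value != null && value.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
                ctx.Token = value.Substring("Bearer ".Length).Trim();
            else
                ctx.NoResult(); // do not fall back to the Authorization header
            return Task.CompletedTask;
        }
    };

    // Both schemes must succeed, in order. The two schemes need different signing keys
    // (or validated issuers/audiences); otherwise one token satisfies both steps.
    public static IApplicationBuilder UseTwoStepJwt(this IApplicationBuilder app) =>
        app.Use(async (context, next) =>
        {
            AuthenticateResult superResult = await context.AuthenticateAsync(SuperScheme);
            if (!superResult.Succeeded)
            {
                await context.ChallengeAsync(SuperScheme); // 401, step 2 never runs
                return;
            }
            AuthenticateResult simpleResult = await context.AuthenticateAsync(SimpleScheme);
            if (!simpleResult.Succeeded)
            {
                await context.ChallengeAsync(SimpleScheme);
                return;
            }
            // Downstream sees the simple user, with the super-user identity attached.
            context.User = simpleResult.Principal;
            context.User.AddIdentities(superResult.Principal.Identities);
            await next();
        });
}
```

In `Configure`, `app.UseTwoStepJwt()` would be registered before the Ocelot middleware so that requests failing either step never reach a downstream route.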

1 answer

  1. Bruce (SqlWork.com) 61,731 Reputation points
    2021-11-28T20:50:43.183+00:00