JwtAuthForWebAPI 2.0.7
dotnet add package JwtAuthForWebAPI --version 2.0.7
NuGet\Install-Package JwtAuthForWebAPI -Version 2.0.7
<PackageReference Include="JwtAuthForWebAPI" Version="2.0.7" />
paket add JwtAuthForWebAPI --version 2.0.7
#r "nuget: JwtAuthForWebAPI, 2.0.7"
// Install JwtAuthForWebAPI as a Cake Addin #addin nuget:?package=JwtAuthForWebAPI&version=2.0.7 // Install JwtAuthForWebAPI as a Cake Tool #tool nuget:?package=JwtAuthForWebAPI&version=2.0.7
Provides easy implementation for JWT-based HTTP authentication in an ASP.NET Web API project.
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET Framework | net45 is compatible. net451 was computed. net452 was computed. net46 was computed. net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 was computed. net481 was computed. |
-
- log4net (>= 2.0.2)
- System.IdentityModel.Tokens.Jwt (>= 4.0.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories (1)
Showing the top 1 popular GitHub repositories that depend on JwtAuthForWebAPI:
Repository | Stars |
---|---|
jamiekurtz/WebApi2Book
Example source code that accompanies ASP.NET Web API 2: Building a REST Service from Start to Finish
|
Version | Downloads | Last updated |
---|---|---|
2.0.7 | 31,555 | 4/22/2015 |
2.0.6 | 1,303 | 4/21/2015 |
2.0.5 | 2,243 | 1/28/2015 |
2.0.4 | 2,364 | 9/17/2014 |
2.0.3-RC2 | 1,025 | 8/4/2014 |
2.0.2-beta1 | 1,076 | 5/21/2014 |
2.0.1-beta1 | 1,919 | 5/19/2014 |
2.0.0-beta1 | 1,002 | 5/19/2014 |
1.0.7 | 1,542 | 5/12/2014 |
1.0.6 | 1,200 | 5/11/2014 |
1.0.5 | 1,585 | 4/12/2014 |
1.0.4 | 1,658 | 1/23/2014 |
1.0.3 | 1,252 | 1/23/2014 |
1.0.2 | 1,376 | 11/12/2013 |
1.0.1 | 1,361 | 11/6/2013 |
1.0.0 | 1,251 | 11/6/2013 |
Nuget-deployed library for securing your ASP.NET Web API service with JSON Web Tokens (JWT).
This library is essentially a DelegatingHandler that creates a new ClaimsPrincipal based on the incoming token and assigns it to the current thread. As such, you *must* secure your controllers and/or their actions with the `[Authorize]` attribute - per standard ASP.NET authorization practices. In other words, the handler doesn't actually prevent unauthorized access to your site - that's what the `[Authorize]` attribute is for.
The required token can exist in either the HTTP Authorization header or a browser cookie (cookie's name provided during configuration of the JwtAuthenticationMessageHandler object).
Configure your ASP.NET Web API site with this library by putting the following code (or similar) in your WebApiConfig.Register() method:
var builder = new SecurityTokenBuilder();
var jwtHandler = new JwtAuthenticationMessageHandler
{
AllowedAudience = "http://www.example.com/",
Issuer = "corp",
SigningToken = builder.CreateFromCertificate("CN=JwtAuthForWebAPI Example"),
CookieNameToCheckForToken = "ut"
};
config.MessageHandlers.Add(jwtHandler);
2.0.5 - added support for allowing callers to submit the required token in a browser cookie - to better support Single Page Applications with your REST API.
2.0.6 - added explicit catch of SignatureVerificationFailedException to make sure that gets returned as a 401 (and not a 500)
2.0.7 - added explicit check of principal object returned from a custom PrincipalTransformer
Please see the project site for more details.