9

I have a few working ASP.NET apps built with .NET Framework sharing the same machineKey in Web.config, so when a user is authenticated in one app, the other apps consider him authenticated as well.

Now I have to wire up a new app to this club that uses ASP.NET Core 2.0. Is there a quick solution for converting the existing "legacy"

<system.web>
...
<machineKey decryption="AES" decryptionKey="blablabla" validation="SHA1" validationKey="blablabla" />
</system.web>

to be used in the Core app?

Edit: The actual .NET Framework API uses token-based authentication:

using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;

// Options shared with the token endpoint (declaration added; the snippet only assigned it)
public static OAuthBearerAuthenticationOptions OAuthBearerOptions { get; private set; }

private void ConfigureOAuth(IAppBuilder app)
{
    OAuthBearerOptions = new OAuthBearerAuthenticationOptions();
    // Token consumption from the "Authorization: Bearer <token>" header
    app.UseOAuthBearerAuthentication(OAuthBearerOptions);
}

Then on [Authorize] the framework decodes the token using the machine key. The correct question, I guess, would be how to implement the same in Core 2.0+ using the manually provided machine key to decrypt the auth token sent in the header.

3
  • Have you tried reading this article? learn.microsoft.com/en-us/aspnet/core/migration/proper-to-2x/… Commented May 29, 2018 at 7:39
  • What is the middleware used for authentication? Commented Jul 19, 2018 at 5:59
  • I had to stay on .NET Framework with OWIN custom token auth as I was out of time to dig more into Core.. Commented Jul 19, 2018 at 9:24

1 Answer

2

You can use the awesome library AspNetTicketBridge for this purpose.

Token handler definition:

using System;
using System.Text.Encodings.Web;
using System.Threading.Tasks;
using AspNetTicketBridge;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

public class OwinBearerTokenMachineKeyAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
    public const string DefaultAuthScheme = "DefaultAuth";

    // List of supported decryption algorithms: DES | 3DES | AES
    private const string DefaultDecryptionAlgorithm = "<YOUR DECRYPTION ALGORITHM>";

    // List of supported validation algorithms: SHA1 | MD5 | 3DES | AES | HMACSHA256 | HMACSHA384 | HMACSHA512
    private const string DefaultValidationAlgorithm = "<YOUR VALIDATION ALGORITHM>";

    private const string DefaultAuthorizationHeader = "Authorization";

    public OwinBearerTokenMachineKeyAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
    {
    }

    protected override Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        // A missing or non-Bearer header yields NoResult instead of throwing on an empty header collection
        string header = Request.Headers[DefaultAuthorizationHeader];
        if (string.IsNullOrEmpty(header) || !header.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
        {
            return Task.FromResult(AuthenticateResult.NoResult());
        }
        var token = header.Substring("Bearer ".Length).Trim();

        // Get keys from machine keys section / another configuration file.
        var validationKey = "<YOUR VALIDATION KEY FROM MACHINE KEY CONFIG>";
        var decryptionKey = "<YOUR DECRYPTION KEY FROM MACHINE KEY CONFIG>";

        var ticket = MachineKeyTicketUnprotector.UnprotectOAuthToken(token, decryptionKey, validationKey, DefaultDecryptionAlgorithm, DefaultValidationAlgorithm);
        var newTicket = AuthenticationTicketConverter.Convert(ticket, DefaultAuthScheme);
        return Task.FromResult(AuthenticateResult.Success(newTicket));
    }
}

App configuration:

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    // ...

    app.UseAuthentication();
    app.UseAuthorization(); // Gives ability to use [Authorize] attribute

    // ...
}

public void ConfigureServices(IServiceCollection services)
{
    // ...

    RegisterAuthorization(services);

    // ...
}

private void RegisterAuthorization(IServiceCollection services)
{
    services.AddAuthentication(o => { o.DefaultScheme = OwinBearerTokenMachineKeyAuthenticationHandler.DefaultAuthScheme; })
            .AddScheme<AuthenticationSchemeOptions, OwinBearerTokenMachineKeyAuthenticationHandler>(OwinBearerTokenMachineKeyAuthenticationHandler.DefaultAuthScheme, o => { });
    services.AddAuthorization(); // Gives ability to use [Authorize] attribute
}

P.S. I spent 2 days finding a good solution to accomplish this task, and only this one seems the best.
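The same bridge with the machineKey values bound from configuration instead of hard-coded, a fail-fast Validate() on the options, and an expiry check on the unprotected ticket, as an added example that is not from the answer above or from the AspNetTicketBridge project; the MachineKeyBridgeOptions and MachineKeyBridgeHandler names and the "MachineKey" configuration section are assumptions.

```csharp
using System;
using System.Text.Encodings.Web;
using System.Threading.Tasks;
using AspNetTicketBridge;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

// Hypothetical options type mirroring <machineKey>; keys are bound from configuration, not kept in source.
public class MachineKeyBridgeOptions : AuthenticationSchemeOptions
{
    public string DecryptionKey { get; set; }
    public string ValidationKey { get; set; }
    public string Decryption { get; set; } = "AES";  // <machineKey decryption="...">
    public string Validation { get; set; } = "SHA1"; // <machineKey validation="...">

    // Called when the scheme is first resolved: fail fast instead of on the first request.
    public override void Validate()
    {
        if (string.IsNullOrWhiteSpace(DecryptionKey) || string.IsNullOrWhiteSpace(ValidationKey))
            throw new InvalidOperationException("MachineKey DecryptionKey and ValidationKey are required.");
    }
}

public class MachineKeyBridgeHandler : AuthenticationHandler<MachineKeyBridgeOptions>
{
    public const string Scheme = "MachineKeyBridge";

    public MachineKeyBridgeHandler(IOptionsMonitor<MachineKeyBridgeOptions> options, ILoggerFactory logger,
        UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock) { }

    protected override Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        string header = Request.Headers["Authorization"];
        if (string.IsNullOrEmpty(header) || !header.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
            return Task.FromResult(AuthenticateResult.NoResult()); // no bearer token: let other schemes run
        try
        {
            var owinTicket = MachineKeyTicketUnprotector.UnprotectOAuthToken(header.Substring(7).Trim(),
                Options.DecryptionKey, Options.ValidationKey, Options.Decryption, Options.Validation);
            if (owinTicket == null) return Task.FromResult(AuthenticateResult.Fail("Invalid token"));
            var ticket = AuthenticationTicketConverter.Convert(owinTicket, Scheme);
            // The OWIN ticket carries its own expiry; a valid MAC alone does not make it current.
            if (ticket.Properties.ExpiresUtc < Clock.UtcNow)
                return Task.FromResult(AuthenticateResult.Fail("Token expired"));
            return Task.FromResult(AuthenticateResult.Success(ticket));
        }
        catch (Exception) { return Task.FromResult(AuthenticateResult.Fail("Token could not be unprotected")); }
    }
}
```

Register it with `services.AddAuthentication(MachineKeyBridgeHandler.Scheme).AddScheme<MachineKeyBridgeOptions, MachineKeyBridgeHandler>(MachineKeyBridgeHandler.Scheme, o => Configuration.GetSection("MachineKey").Bind(o))`, and keep the key values in user secrets or environment variables rather than in a checked-in appsettings.json.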
