0

Basically, I have a homework assignment which involves me creating a MVC app in Asp.Net (the standard version, not Core). I need to provide authentication using jwt, but i have to use a separate authentication server, so the token creation and validation are delegated to that server, and if a server like that already exists (perhaps a facebook or twitter authentication server using jwt), i should use it rather than create my own. I am not sure if there is a jwt authentication server which I could use, and I don't know what is the best way to handle jwt tokens, for example if i have a form that submits stuff to a controller action, how to place a jwt token in the request. Any help on this would be much appreciated!

Improve this question
1
  • Google "C# JWT Authentication Server from scratch" and a ton of examples come up. As far as Core vs Standard, obviously from an Asp.Net vs Asp.Net Core perspective the only real difference is how they handle request. Core introduced a notion of middleware into the pipeline and decreased overall request size for a smaller payload. Commented Jul 11, 2019 at 13:36

1 Answer 1

Reset to default
1

As this is a homework assignment I'm going to try and provide a jumping off point rather than provide code samples or anything.

A JWT can be issued from another authority and used within your own application provided your application is set up to use that authority. For example, in house we use AWS Cognito to store our users, and in each of our web applications we specify that our JWT tokens are being issued by that Cognito user pool.

I've had a quick look around online for any issuers that may provide this service for free, and found the following blog post for Auth0 which boasts being able to support up to 7000 users for free (there may be hidden costs, I haven't looked into it fully)

The tutorial in the blog post seems to follow a .Net standard rather than a core implementation. Hopefully you find this useful and good luck with your assignment!

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I just wanted to thank you for taking the time to answer. None of the available services were satisfactory, and given that I had just about 24 hours until submission, I ended up writing my own JWT generator/validator server, and it worked quite well. As far as the other part of my question goes, that was still an issue, and as I later found out, the solution is to use cookies to send the token from view to controller, rather than hard-coding it in every form and <a> tag (which, as I also discovered, is a metric shit-ton of work).

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.