asp.net core - Purpose of options.AutomaticAuthenticate with UseJwtBearerAuthentication -

-

after updating codebase asp 5 beta 7 rc1-final, began receiving exception jwtbearer middleware

unable cast object of type 'newtonsoft.json.linq.jarray' type 'system.iconvertible'.

the determining factor can see far appears setting of options.automaticauthenticate. if it's true, exception, otherwise, not.

what automaticauthenticate , why need enable it?

    app.usejwtbearerauthentication(options =>     {         options.automaticauthenticate = true;      }

here full stack trace:

at system.convert.toint32(object value, iformatprovider provider)    @ system.identitymodel.tokens.jwt.jwtpayload.getintclaim(string claimtype)    @ system.identitymodel.tokens.jwt.jwtpayload.get_nbf()    @ system.identitymodel.tokens.jwt.jwtsecuritytokenhandler.validatetoken(string token, tokenvalidationparameters validationparameters, securitytoken& validatedtoken)    @ microsoft.aspnet.authentication.jwtbearer.jwtbearerhandler.<handleauthenticateasync>d__1.movenext() --- end of stack trace previous location exception thrown ---    @ system.runtime.exceptionservices.exceptiondispatchinfo.throw()    @ microsoft.aspnet.authentication.jwtbearer.jwtbearerhandler.<handleauthenticateasync>d__1.movenext() --- end of stack trace previous location exception thrown ---    @ system.runtime.compilerservices.taskawaiter.throwfornonsuccess(task task)    @ system.runtime.compilerservices.taskawaiter.handlenonsuccessanddebuggernotification(task task)    @ system.runtime.compilerservices.taskawaiter`1.getresult()    @ microsoft.aspnet.authentication.authenticationhandler`1.<initializeasync>d__48.movenext() --- end of stack trace previous location exception thrown ---    @ system.runtime.compilerservices.taskawaiter.throwfornonsuccess(task task)    @ system.runtime.compilerservices.taskawaiter.handlenonsuccessanddebuggernotification(task task)    @ system.runtime.compilerservices.taskawaiter.getresult()    @ microsoft.aspnet.authentication.authenticationmiddleware`1.<invoke>d__18.movenext() --- end of stack trace previous location exception thrown ---    @ system.runtime.compilerservices.taskawaiter.throwfornonsuccess(task task)    @ system.runtime.compilerservices.taskawaiter.handlenonsuccessanddebuggernotification(task task)    @ system.runtime.compilerservices.taskawaiter.getresult()    @ api.startup.<<configure>b__9_0>d.movenext() in ...\startup.cs:line 156

update on root cause

our codebase creating duplicate claims nbf, exp, , iat. explains why get_nbf in stack trace , complaint "jarray" since each of values array instead of value.

if set true middleware run on every inbound request, jwt token , if 1 present validate it, , if valid create identity , add current user.

if false doesn't happen , need request middleware set identity specifying bearer's scheme in authorize attribute.

[authorize(authenticationschemes = "yourbearerschemename")]

or set in policy; 

options.addpolicy("requirebearer", policy => {     policy.authenticationschemes.add("yourbearerschemename");     policy.requireauthenticateduser();  });

so, setting false aren't running bearer stuff until ask it, you're putting exception off until later.


Comments

Post a Comment

Popular posts from this blog

android - Why am I getting the message 'Youractivity.java is not an activity subclass or alias' -

-
Image
i created own android project , cut , pasted code exercise: http://androidexample.com/show_phone_contacts_in_autocomplete_suggestions_-_android_example%20/index.php?view=article_discription&aid=106&aaid=128# when build project no errors or warnings. when run project window error: annoyingly, can't make window smaller, can't click of buttons. cick 'x' @ top, close it. here's project structure: where getting 'autocompletemain' from? (note small c) class named autocompletemain. help. and have activity included in android manifest, in case you're wondering: <?xml version="1.0" encoding="utf-8"?> <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.androidexample.autocompleteedittext" android:versioncode="1" android:versionname="1.0" > <uses-permission android:name="android.permission.read_phone_state...
Read more

Making Empty C++ Project: General exception (Exception from HRESULT:0x80131500) Visual Studio Community 2015 -

-
i'm trying make new c++ empty project in visual studio community 2015. however, hit okay, tells me 1 or more errors have occured, , general exception (exception hresult:0x80131500). i've been trying online other results, none have helped far , wondering if here knew how fix it. i've tried re installing , tried windows ultimate 2013 , i'd still unable make empty project. in case stopped working when i've tried switch solution "debug" "release" configuration. after vs started fail load projects or create new ones message have mentioned (exception hresult:0x80131500). what did trying create new c# project on have got more clear , useful message, saying vs 2015 can not open following file: c\programfiles(x86)\msbuild\14.0\bin\microsoft.common.currentversion.targets when have checked file have found corrupted in weird way - size of file same original 80% of file garbage. after have downloaded original file microsoft reference so...
Read more

How to fix java warning for "The value of the local variable is not used " -

-
how avoid java warning says the value of local variable not used for variable declared private ? you have multiple choices: remove field. unused, shouldn't there. comment out field, e.g. using // todo temporary hiding of warning until write code using field. suppress warning using @suppresswarnings("unused") . disable warning in ide settings. eclipse, in window > preferences java > compiler > error/warnings unnecessary code > unused private member select option ignore for #3 , #4, though, although can, why want to?
Read more