DEVHIDE
Login Or Sign up

ASP.NET Core JWT Authentication Audience Property

6.2k Views Asked by At

I'm fairly new to ASP.NET Core.

I'm using JWT to authenicate a web api.

In most JWT code on online tutorials, we can find Issuer and Audience property metioned as shown below.

var tokenDescriptor = new SecurityTokenDescriptor
                {
                    Issuer = configuration["Jwt:Issuer"],
                    Audience = configuration["Jwt:Audience"],
               ...
                }

jwt.TokenValidationParameters = new TokenValidationParameters
        {
                ValidateIssuer = true,
                ValidateAudience = true,
                ...
        };

Can anyone please explain, what is use of both these, is it to validate the JWT Server and JWT Client

And also how to validate these

asp.net-core authentication jwt audience
Original Q&A
2

There are 2 best solutions below

2
Yeasin Arafat On

If you register the following service the authentication middleware will then validate on your behalf.

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>  
    {  
        options.TokenValidationParameters = new TokenValidationParameters  
        {  
              ValidateIssuer = true,  
              ValidateAudience = true,   
              ValidIssuer = issuer // your issuer,  
              ValidAudience = audience // your audience
         };  
     }
0
Zhi Lv On

The Issuer and Audience is the standard claim fields for the JWT token:

  • Issuer: Identifies principal that issued the JWT.
  • Audience: Identifies the recipients that the JWT is intended for. Each principal intended to process the JWT must identify itself with a value in the audience claim. If the principal processing the claim does not identify itself with a value in the aud claim when this claim is present, then the JWT must be rejected.

More detail information, you can check the Standard fields.

Then, for the ValidateIssuer and ValidAudience property, if you set the value to ture, the issuer and audience will be validated during token validation.

Here are some relate article about using JWT authentication with Issuer and Audience, you can refer them:

JWT Authentication In ASP.NET Core

Authentication And Authorization In ASP.NET 5 With JWT And Swagger

Related Questions in ASP.NET-CORE

Related Questions in AUTHENTICATION

Related Questions in JWT

Related Questions in AUDIENCE

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs

Popular Questions

.

Copyright © 2021 Jogjafile Inc.