❔ JWT Authentication: Name goes to claims not identity.Name

Following Patrick God's tutorial for JWT Authentication and Authorization here: Here's the class in question with a dummy token:
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Security.Claims;
    using System.Text.Json;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Components.Authorization;

    public class CustomAuthStateProvider : AuthenticationStateProvider
    {
        public override async Task<AuthenticationState> GetAuthenticationStateAsync()
        {
            // Hard-coded dummy token; its payload is {"Sub":"1234567890","Name":"John Doe","Iat":1516239022}
            string token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJTdWIiOiIxMjM0NTY3ODkwIiwiTmFtZSI6IkpvaG4gRG9lIiwiSWF0IjoxNTE2MjM5MDIyfQ.uzQBTdl2-2Ox4am86ZeHGBejT3bRe1A3B_VkY1HBVt4";
            var identity = new ClaimsIdentity(ParseClaimsFromJwt(token), "jwt");
            var user = new ClaimsPrincipal(identity);
            var state = new AuthenticationState(user);
            NotifyAuthenticationStateChanged(Task.FromResult(state));
            return state;
        }

        // Decodes the payload segment only; the signature segment is never verified here.
        public static IEnumerable<Claim> ParseClaimsFromJwt(string jwt)
        {
            var payload = jwt.Split('.')[1];
            var jsonBytes = ParseBase64WithoutPadding(payload);
            var keyValuePairs = JsonSerializer.Deserialize<Dictionary<string, object>>(jsonBytes);
            // Each JSON key becomes the claim type verbatim.
            return keyValuePairs.Select(kvp => new Claim(kvp.Key, kvp.Value.ToString()));
        }

        private static byte[] ParseBase64WithoutPadding(string base64)
        {
            // JWT segments are base64url: map '-' and '_' back before restoring padding.
            base64 = base64.Replace('-', '+').Replace('_', '/');
            switch (base64.Length % 4)
            {
                case 2: base64 += "=="; break;
                case 3: base64 += "="; break;
            }
            return Convert.FromBase64String(base64);
        }
    }
Here's the razor HTML from the shared image:
    <Authorized>
        <span>You're Authorized as @context.User.Identity.Name</span>
        <br/>
        <span>Claims associated with the user:</span>
        <ul>
            @foreach (var claim in context.User.Claims)
            {
                <li>@claim.Type: @claim.Value</li>
            }
        </ul>
    </Authorized>
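Why `Identity.Name` stays empty with the dummy token in this post, as an added example (not code from the thread or from the tutorial): `ClaimsIdentity.Name` returns the first claim whose type matches the identity's `NameClaimType`, which defaults to `ClaimTypes.Name`, while the token's payload carries the key `Name`. The class name `NameClaimDemo`, the inlined payload JSON and the `"Role"` role type are assumptions made for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Text.Json;

public static class NameClaimDemo // hypothetical name, for this illustration only
{
    // Constructed sample: the decoded payload of the dummy token in the post.
    private const string PayloadJson =
        "{\"Sub\":\"1234567890\",\"Name\":\"John Doe\",\"Iat\":1516239022}";

    // Same mapping as ParseClaimsFromJwt: every JSON key becomes a claim type verbatim.
    private static List<Claim> ClaimsFromPayload(string json) =>
        JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json)!
            .Select(kvp => new Claim(kvp.Key, kvp.Value.ToString()))
            .ToList();

    public static void Main()
    {
        var claims = ClaimsFromPayload(PayloadJson);

        // 1) As posted: the identity looks for ClaimTypes.Name (a schema URI),
        //    finds no claim of that type, and Name comes back null.
        var asPosted = new ClaimsIdentity(claims, "jwt");
        Console.WriteLine($"NameClaimType  = {asPosted.NameClaimType}");
        Console.WriteLine($"Name           = {asPosted.Name ?? "(null)"}");

        // 2) Tell the identity which claim types carry the name and the roles.
        //    "Role" is an assumed key; the dummy token has no role claim.
        var mapped = new ClaimsIdentity(claims, "jwt", "Name", "Role");
        Console.WriteLine($"Name (mapped)  = {mapped.Name}");

        // 3) Or rename the claim while parsing and keep the identity's defaults.
        var renamed = claims.Select(c =>
            c.Type == "Name" ? new Claim(ClaimTypes.Name, c.Value) : c);
        Console.WriteLine($"Name (renamed) = {new ClaimsIdentity(renamed, "jwt").Name}");

        // IsAuthenticated is true in all three cases only because an
        // authenticationType string ("jwt") was supplied. Nothing here checks
        // the token's signature, so this state can drive UI decisions only;
        // the server still has to validate the token on every request.
        Console.WriteLine($"IsAuthenticated = {asPosted.IsAuthenticated}");
    }
}
```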
33 Replies
BigggMoustache, 10mo ago
Everything is exactly the same as the video aside from me checking claims in HTML, but his claim overwrites the @context.User.Identity.Name.
Thanks for any help given!
JakenVeina, 10mo ago
uhhh...whose claim? can we clarify the issue here? context.User.Identity is being overwritten? By what?
BigggMoustache, 10mo ago
the context.User.Identity is overwritten by var state = new AuthenticationState(user);. Here user holds a claim type Name so I'm wondering why it's not overwriting the User.Identity.Name as shown in the linked tutorial and instead making a new claim under context.User.Claims.
JakenVeina, 10mo ago
wait, this is all client-side auth?
BigggMoustache, 10mo ago
yeah
JakenVeina, 10mo ago
mm-kay
I have basically no experience with the client-side auth framework
BigggMoustache, 10mo ago
Oh well neither do I 🤣 I'm not really concerned with any particulars at this moment other than why the JWT isn't overriding the default claims or whatever you call them and instead adding claims
JakenVeina, 10mo ago
me, I'd probably start looking at the source, if there's really no official docs for it
BigggMoustache, 10mo ago
idk what you mean
JakenVeina, 10mo ago
source code, I mean
BigggMoustache, 10mo ago
oh the example code?
JakenVeina, 10mo ago
no
the source code
BigggMoustache, 10mo ago
like the code I'm writing? I'm writing this. lol.
JakenVeina, 10mo ago
no
the source code for the thing you're trying to figure out
BigggMoustache, 10mo ago
the identity docs? oh okay lmao
JakenVeina, 10mo ago
if there are docs, sure
BigggMoustache, 10mo ago
sorry I'm dense. Yeah there are.
JakenVeina, 10mo ago
otherwise, the source
BigggMoustache, 10mo ago
gotcha sorry for being dense
JakenVeina, 10mo ago
no big
what library is this?
BigggMoustache, 10mo ago
ClaimsPrincipal(IEnumerable<ClaimsIdentity>) Initializes a new instance of the ClaimsPrincipal class using the specified claims identities.
this is aspnet identity
JakenVeina, 10mo ago
specifically
BigggMoustache, 10mo ago
oh one sec
JakenVeina, 10mo ago
like I said, I'm not familiar with the client-side libs
BigggMoustache, 10mo ago
for the identity claims creation it's System.Security.Claims and Microsoft.AspNetCore.Components.Authorization too
JakenVeina, 10mo ago
allllright
so, what is context here?
also, have you read this?
JakenVeina, 10mo ago
also this
Accord, 10mo ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.
BigggMoustache, 10mo ago
I'm actually not entirely sure. I'm guessing httpcontext which has information from authorization middleware. I have not read those in total but have referenced them when trying to figure this out. They don't show this particular process in detail, that is unpacking a JWT and applying to a claimsidentity.
JakenVeina, 10mo ago
> I'm guessing httpcontext
well, don't guess, look and see
the second link seems to explicitly demonstrate implementing a custom state provider, where the claims come from is irrelevant
although, at a glance, I don't see anything different than what you've shown me