C# 8mo ago
yusuke

❔ ✅ Need help to reuse RequireAuthorization() method on a different project

I was wondering: since I have project A as the main project with the login/register endpoints, and I create a second project where I just use the RequireAuthorization() method on my endpoints, would the second project's endpoints work if I supply a token from the first project? I'm trying to avoid needing to call HttpClient to check if the token is valid. I'm using dotnet 8, EFCore, IdentityServer and postgres. I basically followed this video from Nick Chapsas https://www.youtube.com/watch?v=sZnu-TyaGNk&t=302s and was wondering if I can't have the RequireAuthorization method on my endpoints from my second project?
Nick Chapsas
YouTube
The .NET 8 Auth Changes You Must Know About!
27 Replies
Unknown User 8mo ago
Message Not Public
yusuke 8mo ago
Am I forced to build the identity server section into every project? When I pass the token in the header to WebApiB that is running, it still says unauthorized, but when I use that same token on WebApiA, it works. All I want is to be able to log in to WebApiA and get my token, which works. Using that token on any endpoint on WebApiA works perfectly but doesn't work in WebApiB. Is there no possible way to achieve this?
Unknown User 8mo ago
Message Not Public
yusuke 8mo ago
yes that's all I want
Unknown User 8mo ago
Message Not Public
yusuke 8mo ago
Then how would I go about authorizing separate projects?
Unknown User 8mo ago
Message Not Public
yusuke 8mo ago
from WebApiB?
Unknown User 8mo ago
Message Not Public
yusuke 8mo ago
so I have to make an httpclient call from WebApiB to be authenticated by WebApiA?
Unknown User 8mo ago
Message Not Public
yusuke 8mo ago
How would WebApiB be able to verify a token? I know how to pass it as a bearer token in an API request, but I'm confused about the logic: how would WebApiB know to check this token?
Unknown User 8mo ago
Message Not Public
yusuke 8mo ago
It's not JWT; this is what it looks like:
{
"tokenType": "Bearer",
"accessToken": "CfDJ8E4rNyTl67ZJnsp8wR3-HHDtPJ2XOycTvttQMEoSM4RPtRox8-Zhlj6h8s0aznscCZ_x_QP8JbHP1ZvJhkYv41iyNsC-iWA0K1Qz7U7td4leRmCD3TlKCzKSkj9PIuRtcftG1II2IyNO1Ieqz-X9r5CBoqg1rtI-PK_lc1aBd6iTy-bkHl2ZNQyE1VO2FA_hUSeFY5OX18Cx9hQZT8TQnhPmnsHLoQtS-6yal63c7aMcWwuwTsyDHzHZ0uskInqg8Fx9GqxJMd3MQW_1b2Uv6IOlN2C08KnFUchgK8aobXIKR6cor8WqcaD7HoYi3umladYy2fvA43sxySmviCFHFv2of0XmpJw_5fMWjbkYGDTpXBo6roOBNSDU_GxTcSKXI87pcf0yyIvn9sQQiTBnHmTdZZxwEpH5rKUBE0JxdqUaKPyEweR_BZHfxFfvRBsBheCEDYqtwVW2aajjPWYOiQrFsdi1gV20j7NFkwCjjdZ2VKkY0--iRkfeC4bgq5q9KnOitcBEhpXDtk_JyiqSXUi_8HnYpgZ2YLgGzyN6JCNTlkqtENHaNhFC-AjhJJtRt5L9NSsGRwfC_oCL15kmSEAKnwknFZnwZ60TMmnIUrDn9aKJpshetKP3V0Cnz3MaXJElrQUe3f3k7xDcJUVnIsjRcKM7o50bt8FtNAxrQ8_YE3bRg2Vv46YFHqQsJ7NNv1gJ7jQB-J-jz39bz0Oti5M",
"expiresIn": 3600,
"refreshToken": "CfDJ8E4rNyTl67ZJnsp8wR3-HHB-XaQGTJA86GCCq5CVIWO1pR9rwLzwMyYPF5ZVrRbvugYhm723KDPLOiRbZeUG5N1w4i3UyWb24apw6_br8vYw4gkJGU_UT5gs-uY_A9gAlTma7LPUFDyuWdb6w9DQjamBu8SvqLwKa2pMuY5e4On7BdDhvc-ZtI0EGJPOF5eZDNDFatGGvYbe8E684Ev_MRneorMYXS9tDYnIG8AcBRJ9ZALi45gQ-HBex2s25idS1IPwNy2rm1BpwJIDb171VJqrYiFHhsVBLThQ8IEXJ_RTGmgU4OaL1uuBq5OA6MKSrfURhrSD-JjW5IbInhIVWsHGlOcYLtYuDd8iZronwqDy40ds0VIp2VYI5Lg7goUmdkJfb0ioRURYnf0RKaCogrqfvNRdPzbRuznMiLikN5m4F6TUVCfkOxd4MbfrtsKC67cgLHe0YlSPf_MEs2URXTw7bOEGQdQ0ziTjPOp8u0gfw4NHEGCWh1AvgmeQfXheKKvm5rV6qcjacGosJ8yJRTQSgVDQWiqNpp6-oUEyVW5NMzGAnaVJa1keu07aH-BKy9UKh8k_0p_Q7t9P2KcJTg-ytXBUVZYbW20w2kFqElAj8LXKEUu21GoDgrZsO4SJOI_ZQ0uMSMP-HxdIwaLip6NQzhVehykJas6GU8k3LD-Oo9hOU6Xx_fKMFp3Xf_1HhekrI4XpaCVj-xYd-BgUGe4"
}
as you see in the txt file I sent, a lot is done behind the scenes on dotnet 8 with identity
Unknown User 8mo ago
Message Not Public
yusuke 8mo ago
so both WebApi projects would need like shared config?
Unknown User 8mo ago
Message Not Public
yusuke 8mo ago
oh! that's possibly why my token works in WebApiA and not WebApiB, because the audience and configs are different
Unknown User 8mo ago
Message Not Public
yusuke 8mo ago
Then I'll switch to JWT like this
using System.Text;
using Microsoft.AspNetCore.Identity;
using Microsoft.IdentityModel.Tokens;

builder.Services.AddAuthentication(IdentityConstants.BearerScheme)
    .AddJwtBearer(IdentityConstants.BearerScheme, options =>
    {
        options.Authority = "your_issuer"; // The issuer of your tokens
        options.Audience = "your_audience"; // The audience for your tokens
        options.TokenValidationParameters = new TokenValidationParameters
        {
            // Verify the token signature against the key below
            ValidateIssuerSigningKey = true,
            // Placeholder key: the same key must be configured in every API that validates these tokens
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("your_secret_key")),
            ValidateIssuer = true,
            ValidateAudience = true,
        };
    });
Unknown User 8mo ago
Message Not Public
yusuke 8mo ago
Thanks!
Unknown User 8mo ago
Message Not Public
yusuke 8mo ago
I appreciate your help. I think moving over to JWT will be a start in the right direction.
Unknown User 8mo ago
Message Not Public
Accord 8mo ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.