We're Hiring!

Checking Approov Tokens in ASP.Net Core 2.0

Closeup of basketball nets

We’ve had some requests recently from customers for some examples to show how to use Approov tokens with an ASP.Net Core 2.0 back end. In this blog I’ll walk you through adding the check to a basic API. It’s really straight forward! Thanks to Jon Hilton for this great blog which formed the basis for this example.

Steps

  1. Require Authentication for our API controllers
  2. Configure JWT Auth in startup.cs

Require Authentication

We need to add the [Authorize] attribute to get our API to check for some authentication.

[Authorize]
[Route("api")]
public class ApiController : Controller
{
[HttpGet("Test")]
public IActionResult Test()
{
return Ok("Content secured with Approov Token");
}
// rest of controller goes here
}
view rawauthentication.cs hosted with ❤ by GitHub
 

Configure JWT Auth

Approov tokens are JWTs. To add JWT auth you need to configure it in startup.cs.

public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(
System.Convert.FromBase64String(_configuration["ApproovTokenSecret"]))
};
});
services.AddMvc();
}
view rawstartup.cs hosted with ❤ by GitHub

The Approov Token Secret bytes are stored as a base64 encoded string, to use the secret we must decode it back into bytes. If _configuration is missing you can include with the constructor.

public Startup(IConfiguration configuration)
{
_configuration = configuration;
}
view rawstartup.cs hosted with ❤ by GitHub

To see how this all fits in to an application you can see the full example on GitHub.

Try Approov For Free!

Jae Hossell

- CTO of Approov
As an expert software architect and engineer, Jae brings a profound understanding of computer architecture, algorithms, data structures, and systems design. Over two decades of experience have allowed Jae to master a diverse range of technologies and skills including novel architectures, embedded and mobile operating systems, compilers, virtual machines, desktop applications, and comprehensive full-stack cloud-based services. Jae’s app-security expertise has evolved over the last 10 years, as he has immersed himself in the app-security space to continually advance and develop the Approov mobile security solution.