We’ve had some requests recently from customers for examples showing how to use Approov tokens with an ASP.NET Core 2.0 back end. In this blog I’ll walk you through adding the check to a basic API. It’s really straightforward! Thanks to Jon Hilton for this great blog, which formed the basis for this example.
Steps
- Require Authentication for our API controllers
- Configure JWT Auth in startup.cs
Require Authentication
We need to add the [Authorize] attribute to get our API to check for some authentication.
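```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// [Authorize] on the controller means every action requires an authenticated request.
[Authorize]
[Route("api")]
public class ApiController : Controller
{
    [HttpGet("Test")]
    public IActionResult Test()
    {
        return Ok("Content secured with Approov Token");
    }

    // rest of controller goes here
}
```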
Configure JWT Auth
Approov tokens are JWTs. To add JWT auth you need to configure it in startup.cs.
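```csharp
// Requires: using Microsoft.AspNetCore.Authentication.JwtBearer;
//           using Microsoft.IdentityModel.Tokens;
public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            // ValidateIssuer and ValidateAudience are not set here, so they keep
            // their TokenValidationParameters default of true.
            options.TokenValidationParameters = new TokenValidationParameters
            {
                // Reject tokens whose exp claim has passed.
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                // The secret is stored base64 encoded; decode it to the raw key bytes.
                IssuerSigningKey = new SymmetricSecurityKey(
                    System.Convert.FromBase64String(_configuration["ApproovTokenSecret"]))
            };
        });

    services.AddMvc();
}
```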
The Approov token secret bytes are stored as a base64-encoded string, so to use the secret we must decode it back into bytes. If _configuration is missing, you can add it through the constructor.
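```csharp
private readonly IConfiguration _configuration;

// ASP.NET Core injects the application's IConfiguration into Startup.
public Startup(IConfiguration configuration)
{
    _configuration = configuration;
}
```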
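To see what these validation settings accept and reject before wiring up a client, the console program below mints HS256 test tokens and validates them with the same TokenValidationParameters options. It is an added example, not code from the original post or from Approov, and it needs the System.IdentityModel.Tokens.Jwt package. The class name, helper names and secrets are constructed, and it sets ValidateIssuer and ValidateAudience to false (both default to true) on the assumption that the tokens carry no "iss" or "aud" claim.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

public static class TokenCheckDemo // hypothetical name, not from the post
{
    static readonly JwtSecurityTokenHandler Handler = new JwtSecurityTokenHandler();
    static SymmetricSecurityKey Key(string b64) => new SymmetricSecurityKey(Convert.FromBase64String(b64));

    // Mint an HS256 test token whose validity window is the hour ending at 'expires' (UTC).
    static string Mint(string base64Secret, DateTime expires) =>
        Handler.WriteToken(Handler.CreateToken(new SecurityTokenDescriptor
        {
            NotBefore = expires.AddHours(-1),
            Expires = expires,
            SigningCredentials = new SigningCredentials(Key(base64Secret), SecurityAlgorithms.HmacSha256)
        }));

    // The post's settings; issuer/audience checks are off (assumes no "iss"/"aud" claims).
    static string Check(string jwt, string base64Secret)
    {
        var parameters = new TokenValidationParameters
        {
            ValidateIssuer = false,
            ValidateAudience = false,
            ValidateLifetime = true, // the default ClockSkew tolerates 5 minutes
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = Key(base64Secret)
        };
        try { Handler.ValidateToken(jwt, parameters, out _); return "accepted"; }
        catch (SecurityTokenException e) { return "rejected: " + e.GetType().Name; }
    }

    static string NewSecret() // constructed random 32-byte secret, base64 encoded
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return Convert.ToBase64String(bytes);
    }

    public static void Main()
    {
        string secret = NewSecret(), other = NewSecret();
        Console.WriteLine("valid token:   " + Check(Mint(secret, DateTime.UtcNow.AddMinutes(30)), secret));
        Console.WriteLine("expired token: " + Check(Mint(secret, DateTime.UtcNow.AddHours(-1)), secret));
        Console.WriteLine("wrong secret:  " + Check(Mint(other, DateTime.UtcNow.AddMinutes(30)), secret));
    }
}
```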
To see how this all fits into an application, you can see the full example on GitHub.