Comments (3)
Hi @kcaswick,
I haven't tried mocking authentication so I can't really advise you, but I can see the benefits of mocking authentication. At the moment I build runnable examples, but unit tests would be great so I will try to help.
One thing I did when working on JWT Token is that the signature used for creating the token and the signature for checking the token are different, and I don't know why (which worries me) - see this here. Could that be creating your error??
Some questions:
- Where does the Unauthorized error come from? I assume from code outside the AuthP code - correct??
- I don't understand the two code blocks you show. I would have thought you would have one block to register AuthP.
Not sure that helps but it's all I have at this stage.
from authpermissions.aspnetcore.
The 2 blocks are the standard, non-testing registration (in Startup.ConfigureServices), and then the testing registration (in CustomWebApplicationFactory.ConfigureWebHost). The testing registration runs second, since for the database side Microsoft's documentation has it remove the standard DbContextOptions to replace it with one configured to UseInMemoryDatabase().
I'm not certain where the error comes from, somewhere outside my code, but when I turn logging all the way up to trace I get this:
Information [1]: Failed to validate the token.
Information [1]: Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10503: Signature validation failed. Token does not have a kid. Keys tried: 'System.Text.StringBuilder'.
Exceptions caught:
'System.Text.StringBuilder'.
token: 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken'.
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken)
at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync()
After adding that exception to the Break When Thrown settings, it looks like it may be coming from something configured by the AAD authentication.
Currently I've set this branch aside and I'm trying to implement my own AuthPolicy instead. In researching for that, I suspect part of the problem may be that I am not un-registering the old auth, nor using a different name for the test auth scheme. Perhaps a better path would be to skip the token entirely, and just add the claims directly via the TestAuthHandler,
First thing: the exception is in Microsoft's code, not AuthP code, but I do wonder if it's because AuthP code uses the recommended SecurityAlgorithms.HmacSha256Signature and not SecurityAlgorithms.HmacSha256. Worth a check.
Yep, this code is complex and any way you can simplify is going to help.
I'll close this for now, but if you want to reopen it again I'm happy to help.