So we were upgrading to asp.net core, the old system where using a custom jwt validation. Since asp.net core Authentication comes with a built in AothenticationBuilder for Jwt we decided to use that one instead (seems reasonable right?)
One thing was that the old system where not using the Authorization header and where accepting with or without
So we needed a way to look at the custom header for a token and forward it to asp.net Authentication. Of course there is a simple solution to this. Here it is:
options.Events = new JwtBearerEvents
OnMessageReceived = ctx =>
var bearerToken = ctx.Request.Headers["SpecialApiKey"].ElementAt(0);
var token = bearerToken.StartsWith("Bearer ") ? bearerToken.Substring(7) : bearerToken;
ctx.Token = token;
We simply add a new callback to
OnMessageReceived in the
We look for a header with the name
SpecialApiKey then we see if it starts with Bearer and if so we strip that part out.
That’s all. Pretty smooth right?
Until next time, have a good one.