Hello,
i want to use JWT Authentication in an App using .net 8
so i have configured Program.cs like this:
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(
authenticationScheme: JwtBearerDefaults.AuthenticationScheme,
configureOptions:options =>
{
options.RequireHttpsMetadata = false;
options.SaveToken = true;
//options.Audience = "http://localhost:5001/";
//options.Authority = "http://localhost:5000/";
options.TokenValidationParameters = new TokenValidationParameters
{
ValidIssuer = jwtIssuer,
ValidAudience = jwtAudience,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtKey)),
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
//ClockSkew = TimeSpan.Zero
};
});
and for Authorize Api :
[HttpGet("apiGetProducts")]
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
public async Task<ActionResult> GetProducts()
{
return Ok(await _Repository.GetProducts());
}
and Appsettings:
"jwt": {
"key": "
*
* * * ** *",
//Front
"Issuer": "https://localhost:5027",
//API
"Audience": "https://localhost:7173",
"Subject": "* * * * * * *",
"Secret": "* * * * * * "
},
and everything work Good, but then, i tried to change values in Apssettings Json file , and i changed Issuer and Audience values,
so normally, the app wil have a Bug(Unauthorize)
BUT
for my case , the app still work even i changed Issuer and Adience Values
any idea ?