.NET Core JwtBearer Offline

Help
, , , ,
1

I am using ASPNET Core and configuring the authentication in the ConfigureServices method in the Startup.cs.

I am setting it up as follows:

        services
            .AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(cfg =>
            {
                cfg.RequireHttpsMetadata = false;
                cfg.SaveToken = true;
                cfg.Authority = Configuration["Auth:Authority"];
                cfg.Audience = Configuration["Auth:Audience"];
                cfg.Events = new JwtBearerEvents
                {
                    OnTokenValidated = context => { return Task.CompletedTask; },
                    OnMessageReceived = context => { return Task.CompletedTask; },
                    OnAuthenticationFailed = context => { return Task.CompletedTask; },
                };
            });

This all works fine when the project starts and I have internet connection. However, if the ASPNET Core project starts without internet connection, it will not authenticate the JWT when authentication is requested.

Does anyone have a solution for this? How do we support offline?

Thanks!

2

My guess is that the problem on startup without an internet connection is that the JWT middleware cannot connect to Auth0 to download the certificates to validate the tokens. And for some reason, the JWT middleware does not try and do it subsequently.

To work around this you will have to store the certificate locally. There is no example of doing this with ASP.NET Core, but there is an example of doing this with OWIN

The OWIN sample should put you on the correct path for doing this with ASP.NET Core.