Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
411 views
in Technique[技术] by (71.8m points)

c# - Namespaces for .NET JWT token validation: System vs. Microsoft

I am trying to use JWT to authenticate a Node application to an ASP.NET Web API.

In ASP.NET, I am using .NET 4.5.1 and nuget package System.IdentityModel.Tokens.Jwt 5.0.0

What I don't understand is, why the namespaces are mixed between Microsoft and System.

For example:

var tokenReader = new JwtSecurityTokenHandler();

tokenReader.ValidateToken(token, 
                new TokenValidationParameters()
            {
                ValidateAudience = false
            },
                out validatedToken);    

The main JwtSecurityTokenHandler is in the System.IdentityModel.Tokens.Jwt namespace, but the TokenValidationParameters class and its dependencies are in the Microsoft.IdentityModel.Tokens namespace, and possibly collide with similar classes in the System.IdentityModel.Tokens namespace.

Is this by design or is this a possible sign of a version mismatch somewhere else?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

If you take a look at the dependency for

nuget System.IdentityModel.Tokens.Jwt 4.0.2

vs

nuget System.IdentityModel.Tokens.Jwt 5.0

you'll see that 5.0 has a dependency on

Dependencies

.NETFramework 4.5.1

Microsoft.IdentityModel.Tokens (>=5.0.0)

that 4.0 didn't have. In fact, no previous version did.

Microsoft is re-architect-ing their frameworks to be more light weight. In a framework the size of ASP.NET, you will have many functional redundancies.

To make WIF lighter, while remaining backwards compatible, the decision was made to remove the redundant functionality from libraries like System.IdentityModel.Tokens.Jwt no longer depend on System.IdentityModel.Tokens, but instead on Microsoft.IdentityModel.Tokens. One of the unfortunate results is that both layers expose the same methods.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...