I have a service that generates a JWT bearer token using an AAD app that they own. The service calls our API by sending the token in the header. How do I verify the signature and the calling user (the AAD app in this case)?
I see documentation/blogs suggesting the following code, but that does not verify the signature and/or user:
    public void ConfigureAuth(IAppBuilder app)
    {
        // Audience ("aud" claim) that incoming tokens must be issued for.
        var tokenValidationParameter = new TokenValidationParameters();
        tokenValidationParameter.ValidAudience = ConfigurationManager.AppSettings["Audience"];

        // Register the Azure AD bearer-token middleware for the configured tenant.
        app.UseWindowsAzureActiveDirectoryBearerAuthentication(
            new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                TokenValidationParameters = tokenValidationParameter,
                Tenant = ConfigurationManager.AppSettings["Tenant"]
            });
    }
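One way to check the calling AAD app on top of the configuration in the question, as an added example that is not part of the original post: an allow-list test on the token's client-ID claim, run in the bearer provider's `OnValidateIdentity` callback. The `AllowedCallerAppIds` setting, the `Startup` class name and the `IsAllowedCaller` helper are assumptions made for illustration, and the `TokenValidationParameters` namespace depends on the installed package version.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Tokens; // assumption: older packages use System.IdentityModel.Tokens
using Microsoft.Owin.Security.ActiveDirectory;
using Microsoft.Owin.Security.OAuth;
using Owin;

public partial class Startup
{
    // Hypothetical setting: comma-separated client IDs of the AAD apps allowed to call this API.
    private static readonly HashSet<string> AllowedCallers = new HashSet<string>(
        (ConfigurationManager.AppSettings["AllowedCallerAppIds"] ?? string.Empty)
            .Split(new[] { ',', ' ' }, StringSplitOptions.RemoveEmptyEntries),
        StringComparer.OrdinalIgnoreCase);

    // AAD v1 access tokens carry the caller's client ID in "appid", v2 tokens in "azp".
    internal static bool IsAllowedCaller(ClaimsIdentity identity, ISet<string> allowed)
    {
        var claim = identity?.FindFirst("appid") ?? identity?.FindFirst("azp");
        return claim != null && allowed.Contains(claim.Value);
    }

    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseWindowsAzureActiveDirectoryBearerAuthentication(
            new WindowsAzureActiveDirectoryBearerAuthenticationOptions
            {
                Tenant = ConfigurationManager.AppSettings["Tenant"],
                TokenValidationParameters = new TokenValidationParameters
                {
                    ValidAudience = ConfigurationManager.AppSettings["Audience"]
                },
                Provider = new OAuthBearerAuthenticationProvider
                {
                    // Invoked only for tokens the middleware has already accepted
                    // (signature checked against the tenant's published signing keys).
                    OnValidateIdentity = context =>
                    {
                        if (!IsAllowedCaller(context.Ticket.Identity, AllowedCallers))
                            context.Rejected(); // request continues unauthenticated
                        return Task.FromResult(0);
                    }
                }
            });
    }
}
```

A rejected token leaves the request unauthenticated, so the API endpoints still need `[Authorize]` (or an equivalent check) for the caller to receive a 401.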