Aspnetcore: ASP.NET Core 2.2 Signature validation failed in JwtBearer Authentication (just in Linux/MacOS)

Created on 17 Dec 2018  路  10Comments  路  Source: dotnet/aspnetcore

Describe the bug

After updating to 2.2 RSA signature cant' be verify in Linux and MacOS ( in windows it is ok).
I use this code in the startup to set authentication:

  services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultSignInScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(config =>
            {
                config.Events = new API.Core.Security.JwtBearerEvents();
                config.RequireHttpsMetadata = !CurrentEnvironment.IsDevelopment();
                config.IncludeErrorDetails = CurrentEnvironment.IsDevelopment();
                config.SaveToken = true;
                config.TokenValidationParameters = new TokenValidationParameters()
                {
                    RequireSignedTokens = true,
                    ValidateIssuerSigningKey = true,
                    ValidateLifetime = true,
                    ValidateAudience = false,
                    ValidateIssuer = false,
                    IssuerSigningKey = new RsaSecurityKey(rsa)
                };

            });

After update in any endpoint with [Authorize] attribute in Linux or MacOS authentication middleware throw can't verify signature error.
in Older version or in windows it works just fine.

To Reproduce

Steps to reproduce the behavior:

  1. Using this version of ASP.NET Core '2.2.101'
  2. Add AddJwtBearer in Authentication
  3. Run in Linux/MacOs
  4. Call endpoint with [Authorize]
  5. See the error
area-security
Source
picture PejmanNik
👍1

All 10 comments

Sounds like

https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1067

We had to roll back to 5.2.4 - 5.3.0 seems to have issues.

leastprivilege picture leastprivilege on 18 Dec 2018

Agree with @leastprivilege , so closing this issue. Thanks!

Eilon picture Eilon on 20 Dec 2018
👎1

Err. Closing that issue does not fix it.

leastprivilege picture leastprivilege on 21 Dec 2018

Thank you for closing and ignoring the issue.馃槕馃槕馃槓

PejmanNik picture PejmanNik on 21 Dec 2018

Sorry for the confusion, we must have mis-understood it. Re-opening so we can evaluate again.

Eilon picture Eilon on 27 Dec 2018
1

@leastprivilege so you're saying that if https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1067 is fixed, there's still more to do in ASP.NET Core to address this issue? If so, we're not seeing what that additional work would be. Can you provide more info?

Eilon picture Eilon on 3 Jan 2019

Closing as IdentityModel is fixing the issue.

Tratcher picture Tratcher on 17 Jan 2019

How it fixing this issue?
I can't use Authentication with dotnet core 2.2 on any Mac or Linux system.

PejmanNik picture PejmanNik on 27 Jan 2019

Update your IdentityModel dependencies to 5.4. https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/1067#issuecomment-456445438

Tratcher picture Tratcher on 27 Jan 2019
👍1

It is work now 馃憤
Thank you so much @Tratcher

PejmanNik picture PejmanNik on 28 Jan 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ipinak picture ipinak  路  3Comments
rynowak picture rynowak  路  3Comments
ermithun picture ermithun  路  3Comments
aurokk picture aurokk  路  3Comments
TanvirArjel picture TanvirArjel  路  3Comments