{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 唯我独甜 的问题《Namespaces for .NET JWT token validation: System v》','https://www.manongdao.com/q-121266.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am trying to use JWT to authenticate a Node application to an ASP.NET Web API.
In ASP.NET, I am using .NET 4.5.1 and nuget package System.IdentityModel.Tokens.Jwt 5.0.0
What I don't understand is, why the namespaces are mixed between Microsoft and System.
For example:
var tokenReader = new JwtSecurityTokenHandler();
tokenReader.ValidateToken(token,
new TokenValidationParameters()
{
ValidateAudience = false
},
out validatedToken);
The main JwtSecurityTokenHandler is in the System.IdentityModel.Tokens.Jwt namespace, but the TokenValidationParameters class and its dependencies are in the Microsoft.IdentityModel.Tokens namespace, and possibly collide with similar classes in the System.IdentityModel.Tokens namespace.
Is this by design or is this a possible sign of a version mismatch somewhere else?
If you take a look at the dependency for
nuget System.IdentityModel.Tokens.Jwt 4.0.2
vs
nuget System.IdentityModel.Tokens.Jwt 5.0
you'll see that 5.0 has a dependency on
that 4.0 didn't have. In fact, no previous version did.
Microsoft is re-architect-ing their frameworks to be more light weight. In a framework the size of ASP.NET, you will have many functional redundancies.
To make WIF lighter, while remaining backwards compatible, the decision was made to remove the redundant functionality from libraries like
System.IdentityModel.Tokens.Jwtno longer depend onSystem.IdentityModel.Tokens, but instead onMicrosoft.IdentityModel.Tokens. One of the unfortunate results is that both layers expose the same methods.In these cases, when you instance you must provide the entire namespace to inform the compiler which Class and namespace you're referencing. So, you will avoid conflicts.
Microsoft.Identity is deprecated in NET 4.5. And you can see more here: https://social.msdn.microsoft.com/Forums/vstudio/en-US/256c6bcd-6752-4487-b2e8-6c63f4efb9e9/difference-between-microsoftidentitymodel-and-systemidentitymodel?forum=Geneva