I have an ASP MVC web application running over the top of an array of Micro Services (Service Stack Services).
The web application authenticates against one of the micro-services and receives a JWT.
I am wanting to decode the JWT within the web application, so that I can apply local authorization without having to go to the API to get rejected (also to control visibility of features within the app).
I have tried the following:
I have descended my controller classes from ServiceStackController
Authenticate against the micro
    var authClient = new JsonServiceClient(ConfigurationManager.AppSettings["Service.Account.URL"]);
    var authResponse = authClient.Get(new Authenticate
    {
        provider = "credentials",
        UserName = user,
        Password = pass,
        RememberMe = true,
    });
    if (authResponse != null)
    {
        HttpContext.Current.Session[BearerToken] = authResponse.BearerToken;
        return true;
    }
Attempted to retrieve the session using
var session = base.SessionAs<AuthUserSession>();
however the session is always empty.
I suspect after the authentication, I need to do something additional with the JWT that I receive in order for the SessionAs to work as intended. I also have no reference to the encoding key, so I must need to do something there also.
Any help would be appreciated.
Also, is it possible to decode this JWT without having to invoke the apphost engine and descend controllers?
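Added example (not part of the original question and not ServiceStack's own code): a stand-alone way to read the JWT's claims without an AppHost, trusting the payload only after the signature and expiry have been verified. It assumes an HS256-signed token, that the web application holds the same signing key as the issuing service, C# 8 or later and the System.Text.Json package; the class name, key and token are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

public static class JwtLocalCheck   // hypothetical helper name
{
    static string Enc(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] Dec(string s)     // base64url to bytes: restore '+', '/' and the stripped padding
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    // Returns the claims only when the HS256 signature and "exp" both check out; otherwise null.
    public static JsonElement? Validate(string jwt, byte[] key, DateTimeOffset now)
    {
        var parts = (jwt ?? "").Split('.');
        if (parts.Length != 3) return null;
        try
        {
            using var header = JsonDocument.Parse(Dec(parts[0]));
            // Pin the algorithm on the verifier side; never let the token choose "none" or another scheme.
            if (!header.RootElement.TryGetProperty("alg", out var alg) || alg.GetString() != "HS256") return null;
            using var hmac = new HMACSHA256(key);
            byte[] expected = hmac.ComputeHash(Encoding.ASCII.GetBytes(parts[0] + "." + parts[1]));
            byte[] actual = Dec(parts[2]);
            int diff = expected.Length ^ actual.Length;   // constant-time comparison of the two MACs
            for (int i = 0; i < expected.Length && i < actual.Length; i++) diff |= expected[i] ^ actual[i];
            if (diff != 0) return null;
            using var payload = JsonDocument.Parse(Dec(parts[1]));
            var claims = payload.RootElement.Clone();
            // Read claims only after the signature is verified, and reject missing or expired "exp".
            if (!claims.TryGetProperty("exp", out var exp) || exp.GetInt64() <= now.ToUnixTimeSeconds()) return null;
            return claims;
        }
        catch (Exception e) when (e is FormatException || e is JsonException || e is InvalidOperationException) { return null; }
    }

    static void Main()
    {
        // Constructed sample key and token, for this example only.
        var key = Encoding.UTF8.GetBytes("constructed-demo-key-not-a-real-secret");
        var input = Enc(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}")) + "." + Enc(Encoding.UTF8.GetBytes("{\"sub\":\"1\",\"roles\":[\"Admin\"],\"exp\":4102444800}"));
        using var h = new HMACSHA256(key); var sig = Enc(h.ComputeHash(Encoding.ASCII.GetBytes(input)));
        var now = DateTimeOffset.UtcNow;
        Console.WriteLine(Validate(input + "." + sig, key, now).HasValue);        // token as issued
        Console.WriteLine(Validate(input + "x." + sig, key, now).HasValue);       // payload altered after signing
    }
}
```

Base64-decoding the middle segment alone would also reveal the claims, but without the signature check those values are attacker-controlled and should only drive cosmetic decisions such as feature visibility, with the API remaining the enforcement point.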
Note: ServiceStack Sessions have nothing to do with ASP.NET Sessions, which are completely unrelated. IMO you should be returning the JWT as an ss-tok Response Cookie, that way the client sends it with each subsequent request to that server.
If the client sends the JWT in the ss-tok header you’ll be able to access it from your ServiceStackController with: