I'm trying to implement my own version of JWT Bearer authentication on top of ASP.NET 5, without referring to any existing JWT token handler classes. It's my exercise to understand internal mechanism of authentication and authorization.
I have a project to play around. See it here. JWT token code is in separate assembly - SimpleJwtAuth
. It can generate the token by user login and password. But I have questions about Authentication. I inherited from AuthenticationHandler<TAuthOptions>
, which can return AuthenticationResult.Failed
or AuthenticationResult.Success
with AuthenticationTicket
.
The problem is that I don't see how this AuthenticationTicket
could log the user in. Should I invoke SignInManager.SignInAsync
by myself, or did I forget to set any parameters to make this happen automatically?
Speaking of examples: I see that it's the developer's code responsibility to sign the user in. It makes me think that i should do the similar thing. But then - why do we need AuthenticateResult
and its tickets at all?