Adam February 2016

Azure Mobile Apps offline WEBSITE_AUTH_SIGNING_KEY

When trying the Azure Mobile Apps offline (in Visual Studio and local IIS with SSL), one has to supply an alternative to Azure's WEBSITE_AUTH_SIGNING_KEY as the SigningKey for the JWT tokens.

How can you generate a dev SigningKey?

Answers


brettsam February 2016

In order to test authenticated endpoints locally you need to use the same signing key that was used to generate the auth token (JWT).

If you are logging in against your cloud site, this means that locally you must validate the token using the same signing key. You can find this by going to https://{yoursite}.scm.azurewebsites.net/env and searching for WEBSITE_AUTH_SIGNING_KEY. Note that you should not hard-code this key in any code that you ship (for example, read the value from a config file only used for testing).

For creating your own key: you need to use a SHA256 hash as a signing key. I typically use http://www.xorbin.com/tools/sha256-hash-calculator for generating them.
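An added example, not part of the answer above and not Azure SDK code: it generates a 64-hex-character dev key locally from the OS random source, then shows that an HS256 token validates only under the key that signed it. The function names and claims are constructed for illustration, and decoding the hex string to raw bytes for use as the HMAC key is an assumption.

```python
import base64, hashlib, hmac, json, secrets, time

def new_dev_signing_key() -> str:
    # 32 bytes from the OS CSPRNG, hex-encoded: 64 hex characters, the same
    # shape as a SHA-256 digest, generated without leaving the machine.
    return secrets.token_hex(32)

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(hex_key: str, signing_input: str) -> bytes:
    # Assumption: the hex string is decoded to raw bytes and used as the HMAC key.
    return hmac.new(bytes.fromhex(hex_key), signing_input.encode("ascii"), hashlib.sha256).digest()

def sign_jwt(claims: dict, hex_key: str) -> str:
    parts = [{"alg": "HS256", "typ": "JWT"}, claims]
    signing_input = ".".join(_b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return signing_input + "." + _b64url(_mac(hex_key, signing_input))

def validate_jwt(token: str, hex_key: str, now=None):
    """Return the claims if signature and expiry check out, otherwise None."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        # Pin the algorithm instead of trusting whatever the header asks for.
        if json.loads(_b64url_decode(head_b64)).get("alg") != "HS256":
            return None
        expected = _mac(hex_key, head_b64 + "." + body_b64)
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(body_b64))
        if claims["exp"] <= (time.time() if now is None else now):
            return None
        return claims
    except (ValueError, TypeError, AttributeError, KeyError):
        return None

if __name__ == "__main__":
    cloud_key, dev_key = new_dev_signing_key(), new_dev_signing_key()
    claims = {"sub": "sid:constructed-user", "exp": int(time.time()) + 3600}  # constructed
    token = sign_jwt(claims, cloud_key)
    print("same key:     ", validate_jwt(token, cloud_key))
    print("different key:", validate_jwt(token, dev_key))  # None: signature mismatch
```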

Post Status

Asked in February 2016
Viewed 3,764 times
Voted 14
Answered 1 times
