Help - Encrypting/Decrypting JWT Payload in ASP.Net Core
Hi, I am using JWTs to send data from a client application to an ASP.Net Core Web API. I have been told I need to encrypt the claims/payload data in the client application and decrypt it using the same private key in the Web API code.
What would be the best way to do this? I ask because the authentication middleware automatically adds the user claims to the HttpContext.User object but I would need to somehow intercept this to first decrypt the claims so that the correct claims are added.
Currently, the JWT holds "AccountID" as a user claim and some other data we want to encrypt and then it goes into the middleware:
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            ValidIssuer = Configuration["Jwt:Issuer"],
            ValidAudience = Configuration["Jwt:Issuer"],
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt:Key"])),
        };
    });
Do I need to create my own custom middleware that gets triggered before the Authentication middleware? (This is a complete guess and I am not sure if this is possible, since the Authentication middleware is in charge of decoding the JWT.)
app.UseCustomJwtDecryption(); // like this
app.UseAuthentication();
Any advice is appreciated, thank you :)
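As an added example (not the poster's code or a library sample), the following shows the approach that avoids custom middleware entirely: issue the token as a JWE (a signed JWT that is then encrypted) and give the JwtBearer handler a TokenDecryptionKey in the same TokenValidationParameters shown above. The handler decrypts before it validates the signature and builds HttpContext.User, so the "AccountID" claim arrives in the principal already in clear text on the API side. It assumes .NET 6 or later with the System.IdentityModel.Tokens.Jwt package (pulled in by Microsoft.AspNetCore.Authentication.JwtBearer); the issuer, audience and key bytes are constructed placeholders standing in for the Configuration["Jwt:*"] values in the post.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

// Added example: signed + encrypted JWT (JWE) round trip. Key material is constructed
// for the demo; a real service loads both secrets from configuration or a secret store.
public static class JweDemo
{
    // 32-byte HMAC secret for HS256 (the post's Configuration["Jwt:Key"] role).
    private static readonly byte[] SigningSecret = RandomNumberGenerator.GetBytes(32);
    // 32-byte content-encryption key for A128CBC-HS256 (16 bytes AES + 16 bytes HMAC).
    private static readonly byte[] EncryptionSecret = RandomNumberGenerator.GetBytes(32);

    private const string Issuer = "https://issuer.example";   // placeholder
    private const string Audience = "https://api.example";    // placeholder

    // Shared by both sides. On the API these are exactly the parameters assigned to
    // options.TokenValidationParameters inside AddJwtBearer(...).
    public static TokenValidationParameters BuildValidationParameters() => new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidateAudience = true,
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,
        ValidIssuer = Issuer,
        ValidAudience = Audience,
        IssuerSigningKey = new SymmetricSecurityKey(SigningSecret),
        // The missing piece from the post: with a decryption key present, the handler
        // unwraps the JWE first, then verifies the inner signature as usual.
        TokenDecryptionKey = new SymmetricSecurityKey(EncryptionSecret),
    };

    // Client side: claims are signed, and the signed token is then encrypted.
    public static string CreateEncryptedToken(string accountId)
    {
        var descriptor = new SecurityTokenDescriptor
        {
            Issuer = Issuer,
            Audience = Audience,
            Subject = new ClaimsIdentity(new[] { new Claim("AccountID", accountId) }),
            Expires = DateTime.UtcNow.AddMinutes(15),
            SigningCredentials = new SigningCredentials(
                new SymmetricSecurityKey(SigningSecret), SecurityAlgorithms.HmacSha256),
            // "dir": the shared key is used directly as the content-encryption key.
            EncryptingCredentials = new EncryptingCredentials(
                new SymmetricSecurityKey(EncryptionSecret),
                JwtConstants.DirectKeyUseAlg,
                SecurityAlgorithms.Aes128CbcHmacSha256),
        };
        return new JwtSecurityTokenHandler().CreateEncodedJwt(descriptor);
    }

    // Server side, for illustration only: this is the validation AddJwtBearer performs
    // internally before populating HttpContext.User.
    public static string ReadAccountId(string token)
    {
        ClaimsPrincipal principal = new JwtSecurityTokenHandler()
            .ValidateToken(token, BuildValidationParameters(), out _);
        return principal.FindFirst("AccountID")?.Value;
    }

    public static void Main()
    {
        string jwe = CreateEncryptedToken("12345");
        // A JWE compact serialization has five dot-separated segments; a plain JWS has three.
        Console.WriteLine($"Segments: {jwe.Split('.').Length}");
        // In a plain JWT the payload is only base64url-encoded and the claim name would be
        // readable; here the payload is ciphertext.
        Console.WriteLine($"Claim name visible in token text: {jwe.Contains("AccountID")}");
        Console.WriteLine($"AccountID after decrypt + validate: {ReadAccountId(jwe)}");
    }
}
```

Two points worth keeping in mind with this design. First, because the post describes a symmetric scheme, the client application must hold the same encryption key the API uses, so the encryption protects the claims from anyone who sees the token in transit or in logs, not from whoever controls the client binary. Second, encryption does not replace the signature: keep SigningCredentials on the inner token and ValidateIssuerSigningKey on the API, otherwise a token that decrypts successfully is still not proven to come from your issuer.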
0 comments: