Implement JWT Authentication and Authorization in ASP.NET Core

- by admin

JSON Web Token (JWT) is a common authentication method in modern web development  In this article, we will explore How to implement JWT Authentication and Authorization in ASP.NET Core application.

Create an Asp.NET Core Web API Project

Assuming you have Visual Studio 2019 or Visual Studio 2022 installed, follow these steps to create a new ASP.NET Core Project

  • Open the visual studio (IDE).
  • Click on the “Create new project” option.
  • Choose “ASP.NET Core Web API” from the list of available templates.
  • Click the Next button.
  • The configure a new project, specify the name and location of your project.
  • Click the “Next” button.
  • Then select .Net Core as the runtime and choose the version from the dropdown list at the top.
  • Make sure to uncheck the checkboxes for “Enable Docker Support” and “Configure for HTTPS” since we won’t be using authentication.
  • Click the “Create” button

Install the JwtBearer NuGet Package

Add the “Microsoft.AspNetCore.Authentication.JwtBearer” NuGet package to your project.

  • Select the  project Solution in the Explorer window
  • Right-click and select “Manage NuGet Packages”
  • In the NuGet Package Manager window, search for the “Microsoft.AspNetCore.Authentication.JwtBearer”
  • Click on the Install button.

Another way to install the package “Microsoft.AspNetCore.Authentication.JwtBearer”   via Package Manager Console

PM> Install-Package Microsoft.AspNetCore.Authentication.JwtBearer

Specify a Secret Key in the appsettings.json file

Add the following information in the appettings.json file.

 "JWT": {
   "key": "YouSecreteKeyforAuthenticationtovalidateApplication",
   "Issuer": "reactconf.org",
   "Audience": "reactconf.org"
 },

Configure JWT  authentication in the Program.cs file

using dotNet8CRUDWebAPI.Services;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using System.Text;

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.


builder.Services.AddAuthentication(option =>
{
    option.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    option.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    option.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(opt =>
{
    opt.TokenValidationParameters = new TokenValidationParameters
    {
     ValidIssuer = builder.Configuration["Jwt:Issuer"],
     ValidAudience= builder.Configuration["Jwt:Audience"],
     IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"])),
     ValidateIssuer=true,
     ValidateAudience=true,
     ValidateLifetime=false,
     ValidateIssuerSigningKey=true

    };
});
    
    
    
   
builder.Services.AddControllers();

builder.Services.AddSingleton<IDepartment,DepartmentServices>();
var app = builder.Build();

// Configure the HTTP request pipeline.


app.UseHttpsRedirection();

app.UseAuthentication();
app.UseAuthorization();

app.MapControllers();

app.Run();

Create a User Model in ASP.NET Core

For storing the login credentials of the users, we need to create a class named Login in the Model folder.

namespace dotNet8CRUDWebAPI.Model
{
    public class Login
    {
        public string username {  get; set; }
        public string password { get; set; }
    }
}

Generate JWT Tokens

We are Creating another controller named “TokenGenerate”  to generate and validate the JWT. Create action method “Post”,  this method generated token in response to an initial request to the API, then use it for authorization in all subsequent requests.

using dotNet8CRUDWebAPI.Model;
using Microsoft.AspNetCore.DataProtection.KeyManagement;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity.Data;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;

namespace dotNet8CRUDWebAPI.Controllers
{
    [Route("api/[controller]")]
    [ApiController]
    public class TokenGenerateController : ControllerBase
    {
        private readonly IConfiguration _configuration;
        //private SymmetricSecurityKey _key;
       

        public TokenGenerateController(IConfiguration configuration)
        {
            _configuration = configuration;
           
        }
        [HttpPost]
        public IActionResult Post(Login  loginRequest)
        {
            if (loginRequest.username == "Admin" || loginRequest.password == "Passw0rd")
            {
                var issuer = _configuration["Jwt:Issuer"];
                var audience = _configuration["Jwt:Audience"];
                var _key =  Encoding.ASCII.GetBytes(_configuration["Jwt:Key"]);


                var tokenDescriptor = new SecurityTokenDescriptor
                {
                    Subject = new ClaimsIdentity(new[]
                    {
                        new Claim("Id",Guid.NewGuid().ToString()),
                        new Claim(JwtRegisteredClaimNames.Sub, loginRequest.username),
                        new Claim(JwtRegisteredClaimNames.Email, loginRequest.username),
                        new Claim(JwtRegisteredClaimNames.Jti,Guid.NewGuid().ToString())
                   }),

                    Expires = DateTime.UtcNow.AddMinutes(10),
                    Issuer = issuer,
                    Audience = audience,
                    SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(_key), SecurityAlgorithms.HmacSha256Signature)
                };



                var tokenHandler = new JwtSecurityTokenHandler();
                var token = tokenHandler.CreateToken(tokenDescriptor);
                var jwttoken = tokenHandler.WriteToken(token);
                var stringToken = tokenHandler.WriteToken(token);
                return Ok(stringToken);
            }


            return Ok("Unauthorized");
        }
    }
}

Handling Authorization Checks

To handle authorization checks, you can use the [Authorize] attribute on controller and actions method.


namespace dotNet8CRUDWebAPI.Controllers
{
    [Authorize]
    [Route("api/[controller]")]
    [ApiController]
    public class DepartmentController : ControllerBase
    {
        private readonly IDepartment _department;

        public DepartmentController(IDepartment department)
        {
           _department = department;
        }

        [HttpGet]
        public IActionResult Get([FromQuery] bool? isActive=null)
        {
            return Ok(_department.GetAllList(isActive));
        }
   }
}

Now simply run the application or press F5 to run

Generate Token

Authorization Checks

See More: .NET 8: How to make API faster in Asp.Net Core

Related Posts

.NET 8: How to make API faster in Asp.Net Core

.NET 8: ASP.Net Core Web API CRUD Operations

About admin

View all posts by admin →

0 Comments on “Implement JWT Authentication and Authorization in ASP.NET Core”

  1. I’m thoroughly captivated by the profound understanding and superb ability to convey information. The knowledge you share is evident in each paragraph. It’s obvious that you spend considerable time into delving into your topics, and the results pays off. Thanks for providing this valuable knowledge. Continue the excellent job! Learn more about [OnlyFans Marketing](https://elevenviral.com/onlyfans-marketing-growth-service/) https://elevenviral.com/onlyfans-marketing-growth-service/

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *