The post Implement JWT Authentication and Authorization in ASP.NET Core appeared first on Tech Insights.
]]>Create an Asp.NET Core Web API Project
Assuming you have Visual Studio 2019 or Visual Studio 2022 installed, follow these steps to create a new ASP.NET Core Project
- Open the visual studio (IDE).
- Click on the “Create new project” option.
- Choose “ASP.NET Core Web API” from the list of available templates.
- Click the Next button.
- The configure a new project, specify the name and location of your project.
- Click the “Next” button.
- Then select .Net Core as the runtime and choose the version from the dropdown list at the top.
- Make sure to uncheck the checkboxes for “Enable Docker Support” and “Configure for HTTPS” since we won’t be using authentication.
- Click the “Create” button
Install the JwtBearer NuGet Package
Add the “Microsoft.AspNetCore.Authentication.JwtBearer” NuGet package to your project.
- Select the project Solution in the Explorer window
- Right-click and select “Manage NuGet Packages”
- In the NuGet Package Manager window, search for the “Microsoft.AspNetCore.Authentication.JwtBearer”
- Click on the Install button.
Another way to install the package “Microsoft.AspNetCore.Authentication.JwtBearer” via Package Manager Console
PM> Install-Package Microsoft.AspNetCore.Authentication.JwtBearer
Specify a Secret Key in the appsettings.json file
Add the following information in the appettings.json file.
"JWT": {
"key": "YouSecreteKeyforAuthenticationtovalidateApplication",
"Issuer": "reactconf.org",
"Audience": "reactconf.org"
},Configure JWT authentication in the Program.cs file
using dotNet8CRUDWebAPI.Services;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using System.Text;
var builder = WebApplication.CreateBuilder(args);
// Add services to the container.
builder.Services.AddAuthentication(option =>
{
option.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
option.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
option.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(opt =>
{
opt.TokenValidationParameters = new TokenValidationParameters
{
ValidIssuer = builder.Configuration["Jwt:Issuer"],
ValidAudience= builder.Configuration["Jwt:Audience"],
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"])),
ValidateIssuer=true,
ValidateAudience=true,
ValidateLifetime=false,
ValidateIssuerSigningKey=true
};
});
builder.Services.AddControllers();
builder.Services.AddSingleton<IDepartment,DepartmentServices>();
var app = builder.Build();
// Configure the HTTP request pipeline.
app.UseHttpsRedirection();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();
Create a User Model in ASP.NET Core
For storing the login credentials of the users, we need to create a class named Login in the Model folder.
namespace dotNet8CRUDWebAPI.Model
{
public class Login
{
public string username { get; set; }
public string password { get; set; }
}
}
Generate JWT Tokens
We are Creating another controller named “TokenGenerate” to generate and validate the JWT. Create action method “Post”, this method generated token in response to an initial request to the API, then use it for authorization in all subsequent requests.
using dotNet8CRUDWebAPI.Model;
using Microsoft.AspNetCore.DataProtection.KeyManagement;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity.Data;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
namespace dotNet8CRUDWebAPI.Controllers
{
[Route("api/[controller]")]
[ApiController]
public class TokenGenerateController : ControllerBase
{
private readonly IConfiguration _configuration;
//private SymmetricSecurityKey _key;
public TokenGenerateController(IConfiguration configuration)
{
_configuration = configuration;
}
[HttpPost]
public IActionResult Post(Login loginRequest)
{
if (loginRequest.username == "Admin" || loginRequest.password == "Passw0rd")
{
var issuer = _configuration["Jwt:Issuer"];
var audience = _configuration["Jwt:Audience"];
var _key = Encoding.ASCII.GetBytes(_configuration["Jwt:Key"]);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new[]
{
new Claim("Id",Guid.NewGuid().ToString()),
new Claim(JwtRegisteredClaimNames.Sub, loginRequest.username),
new Claim(JwtRegisteredClaimNames.Email, loginRequest.username),
new Claim(JwtRegisteredClaimNames.Jti,Guid.NewGuid().ToString())
}),
Expires = DateTime.UtcNow.AddMinutes(10),
Issuer = issuer,
Audience = audience,
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(_key), SecurityAlgorithms.HmacSha256Signature)
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateToken(tokenDescriptor);
var jwttoken = tokenHandler.WriteToken(token);
var stringToken = tokenHandler.WriteToken(token);
return Ok(stringToken);
}
return Ok("Unauthorized");
}
}
}Handling Authorization Checks
To handle authorization checks, you can use the [Authorize] attribute on controller and actions method.
namespace dotNet8CRUDWebAPI.Controllers
{
[Authorize]
[Route("api/[controller]")]
[ApiController]
public class DepartmentController : ControllerBase
{
private readonly IDepartment _department;
public DepartmentController(IDepartment department)
{
_department = department;
}
[HttpGet]
public IActionResult Get([FromQuery] bool? isActive=null)
{
return Ok(_department.GetAllList(isActive));
}
}
}Now simply run the application or press F5 to run
Generate Token
Authorization Checks
See More: .NET 8: How to make API faster in Asp.Net Core
The post Implement JWT Authentication and Authorization in ASP.NET Core appeared first on Tech Insights.
]]>The post How to Create CRUD API in Django Rest Framework appeared first on Tech Insights.
]]>The Django Rest Framework (DRF) is a powerful tool to create CRUD API in the Django web framework, which is based on python
In this post, we will look at how to create CRUD API in the Django Rest Framework. Create, Retrieve, Update, and Delete are the four fundamental activities you may do using a CRUD API. To interface with a database, web applications frequently use these operations.
Also, Check the Previous Article Implement Join Operations in Django ORM
Django CRUD (Create, Read, Update, Delete) Operation
Before we start building the CRUD API, we need to install Django and Django Rest Framework. The steps are as follows.
Setting Django Rest Framework
Install Django and Rest Framework
Pip install Django Pip install djangorestframework
Create a new Django Project
Django-admin startproject CRUD_API_Restframework
Create a new App
Python manage.py startapp CRUD_API
Configure the Settings.py
INSTALLED_APPS = [
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.messages',
'django.contrib.staticfiles',
'CRUD_API',
'rest_framework',
]
Create Django Models
Now we need to create a Models in our app. The model will define the structure of data.
from django.db import models
# Create your models here.
class authentication(models.Model):
username = models.CharField(max_length=100)
password = models.CharField(max_length=100)
emailid = models.CharField(max_length=100,default=True)
is_active = models.IntegerField()
firstname = models.CharField(max_length=100,default=True)
lastname = models.CharField(max_length=100,default=True)
address = models.CharField(max_length=100,default=True)
contactno = models.CharField(max_length=100,default=True)
gender = models.CharField(max_length=100,default=True)
def __str__(self):
return self.username
Migration
Python manage.py makemigrations Python manage.py migrate
Create Serializers
Serializers create a format for complicated data types, like Python objects, so that it may be quickly translated into JSON or XML content. Models in DRF are transformed into JSON, XML, or other content types using serializers.
from rest_framework import serializers
from .models import authentication
class serialize(serializers.ModelSerializer):
class Meta:
model = authentication
fields =['id','username','password','emailid']
class messagserializer(serializers.Serializer):
Response = serializers.CharField()
Message = serializers.CharField()
Create a Views
The API’s fundamental component views, respond to queries, process data, and handle incoming request. Django Rest Framework has a number of views that can be customized to support CRUD activities
from django.shortcuts import get_object_or_404, redirect, render
from django.template.response import TemplateResponse
from django.http import HttpResponse,HttpRequest
from rest_framework import serializers,status
from rest_framework.response import Response
from rest_framework.decorators import api_view
from django.urls import reverse
from django.contrib import messages
from django.contrib.auth import authenticate
from .models import authentication
from .Serializers import serialize,messagserializer
import json
import requests
# Create your views here.
@api_view(['GET',])
def getusers(request):
if request.method == 'GET':
getusers = authentication.objects.all()
serializer = serialize(getusers, many=True)
request.session['users'] = serializer.data
return Response(serializer.data)
@api_view(['GET'])
def getusersid(request):
if request.method == 'GET':
argdata = request.data
getuserss = authentication.objects.filter(username=argdata['username'] , password=argdata['password'])
serializer = serialize(getuserss, many=True)
request.session['users'] =serializer.data
return Response(serializer.data)
return Response('Failure')
@api_view(['POST',])
def postusers(request, *args, **kwargs):
argdata = request.data
if request.method == 'POST':
argdata = request.data
isvalid = authentication.objects.filter(username=argdata['username']).exists()
if isvalid==False:
postusers = authentication.objects.create(username=argdata['username'],password=argdata['password'],emailid=argdata['emailid'],is_active=1)
postusers.save()
getuserss = authentication.objects.filter(username=argdata['username'])
serializer = serialize(getuserss, many=True)
context = {"getdata":serializer.data,"response":"Success"}
return Response(context)
else:
context = [{"Response":'User Already Registered',"Message":'403'}]
serializer = messagserializer(context, many=True)
return Response(serializer.data)
@api_view(['PUT','GET'])
def Editusers(request, *args, **kwargs):
if request.method == 'PUT':
user_instance = authentication.objects.get(username=request.data.get('username')) #self.get_object(id,request.data.id)
if not user_instance:
return Response({"message":'User Not Registered'},status=status.HTTP_404_NOT_FOUND)
data = {
'username': request.data.get('username'),
'password': request.data.get('password'),
'emailid': request.data.get('emailid'),
'is_active': request.data.get('is_active')
}
serializer = serialize(instance=user_instance, data=data,partial=True)
if serializer.is_valid():
serializer.save()
context = {"getdata":serializer.data,"response":"Success"}
return Response(context)
return Response(serializer._errors,status=status.HTTP_400_BAD_REQUEST)
@api_view(['DELETE'])
def Delete_User(request):
argdata = request.data
isvalid = authentication.objects.filter(username=argdata['username']).exists()
if isvalid==True:
users = get_object_or_404(authentication,username=argdata['username'])
users.delete()
context = {"response":"Success"}
return Response(context)
else:
context = [{"Response":'User Not Registered',"Message":'403'}]
return Response(context)
Create URLS
We need to map the views to URLs to make them accessible through the API. Here are the steps to follow.
- Create a new file urls.py in the CRUD_API directory
Configure the URLs for the views
from django.contrib import admin
from django.urls import path,include
from . import views
urlpatterns = [
path('getusers/',views.getusers, name="getusers"),
path('getusersid/',views.getusersid, name="GetUseById"),
path('Addusers/',views.postusers, name="postusers"),
path('Editusers/',views.Editusers, name="Editusers"),
path('Delete_User/',views.Delete_User, name="Delete_User"),
]
Include the app Urls in the project URLs
from django.contrib import admin
from django.urls import path,include
urlpatterns = [
path('admin/', admin.site.urls),
path('', include('CRUD_API.urls')),
]
Start the Django Development Server
Python manage.py runserver
Testing the API using POSTMAN
Here can test the API using the POSTMAN tool.
Create User
Get All Users
Get By Id
Update User
Delete User
The post How to Create CRUD API in Django Rest Framework appeared first on Tech Insights.
]]>