JWT Archives - Tech Insights Unveiling Tomorrow's Tech Today, Where Innovation Meets Insight Thu, 04 Jan 2024 07:06:40 +0000 en-US hourly 1 https://wordpress.org/?v=6.6.2 https://i0.wp.com/reactconf.org/wp-content/uploads/2023/11/cropped-reactconf.png?fit=32%2C32&ssl=1 JWT Archives - Tech Insights 32 32 230003556 Implement JWT Authentication and Authorization in ASP.NET Core https://reactconf.org/implement-jwt-authentication-and-authorization-in-asp-net-core/ https://reactconf.org/implement-jwt-authentication-and-authorization-in-asp-net-core/#respond Thu, 04 Jan 2024 07:06:38 +0000 https://reactconf.org/?p=290 JSON Web Token (JWT) is a common authentication method in modern web development  In this article, we will explore How to implement JWT Authentication and Authorization in ASP.NET Core application. …

The post Implement JWT Authentication and Authorization in ASP.NET Core appeared first on Tech Insights.

]]>
JSON Web Token (JWT) is a common authentication method in modern web development  In this article, we will explore How to implement JWT Authentication and Authorization in ASP.NET Core application.

Create an Asp.NET Core Web API Project

Assuming you have Visual Studio 2019 or Visual Studio 2022 installed, follow these steps to create a new ASP.NET Core Project

  • Open the visual studio (IDE).
  • Click on the “Create new project” option.
  • Choose “ASP.NET Core Web API” from the list of available templates.
  • Click the Next button.
  • The configure a new project, specify the name and location of your project.
  • Click the “Next” button.
  • Then select .Net Core as the runtime and choose the version from the dropdown list at the top.
  • Make sure to uncheck the checkboxes for “Enable Docker Support” and “Configure for HTTPS” since we won’t be using authentication.
  • Click the “Create” button

Install the JwtBearer NuGet Package

Add the “Microsoft.AspNetCore.Authentication.JwtBearer” NuGet package to your project.

  • Select the  project Solution in the Explorer window
  • Right-click and select “Manage NuGet Packages”
  • In the NuGet Package Manager window, search for the “Microsoft.AspNetCore.Authentication.JwtBearer”
  • Click on the Install button.

Another way to install the package “Microsoft.AspNetCore.Authentication.JwtBearer”   via Package Manager Console

Specify a Secret Key in the appsettings.json file

Add the following information in the appettings.json file.

 "JWT": {
   "key": "YouSecreteKeyforAuthenticationtovalidateApplication",
   "Issuer": "reactconf.org",
   "Audience": "reactconf.org"
 },

Configure JWT  authentication in the Program.cs file

using dotNet8CRUDWebAPI.Services;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using System.Text;

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.


builder.Services.AddAuthentication(option =>
{
    option.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    option.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    option.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(opt =>
{
    opt.TokenValidationParameters = new TokenValidationParameters
    {
     ValidIssuer = builder.Configuration["Jwt:Issuer"],
     ValidAudience= builder.Configuration["Jwt:Audience"],
     IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"])),
     ValidateIssuer=true,
     ValidateAudience=true,
     ValidateLifetime=false,
     ValidateIssuerSigningKey=true

    };
});
    
    
    
   
builder.Services.AddControllers();

builder.Services.AddSingleton<IDepartment,DepartmentServices>();
var app = builder.Build();

// Configure the HTTP request pipeline.


app.UseHttpsRedirection();

app.UseAuthentication();
app.UseAuthorization();

app.MapControllers();

app.Run();

Create a User Model in ASP.NET Core

For storing the login credentials of the users, we need to create a class named Login in the Model folder.

namespace dotNet8CRUDWebAPI.Model
{
    public class Login
    {
        public string username {  get; set; }
        public string password { get; set; }
    }
}

Generate JWT Tokens

We are Creating another controller named “TokenGenerate”  to generate and validate the JWT. Create action method “Post”,  this method generated token in response to an initial request to the API, then use it for authorization in all subsequent requests.

using dotNet8CRUDWebAPI.Model;
using Microsoft.AspNetCore.DataProtection.KeyManagement;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity.Data;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;

namespace dotNet8CRUDWebAPI.Controllers
{
    [Route("api/[controller]")]
    [ApiController]
    public class TokenGenerateController : ControllerBase
    {
        private readonly IConfiguration _configuration;
        //private SymmetricSecurityKey _key;
       

        public TokenGenerateController(IConfiguration configuration)
        {
            _configuration = configuration;
           
        }
        [HttpPost]
        public IActionResult Post(Login  loginRequest)
        {
            if (loginRequest.username == "Admin" || loginRequest.password == "Passw0rd")
            {
                var issuer = _configuration["Jwt:Issuer"];
                var audience = _configuration["Jwt:Audience"];
                var _key =  Encoding.ASCII.GetBytes(_configuration["Jwt:Key"]);


                var tokenDescriptor = new SecurityTokenDescriptor
                {
                    Subject = new ClaimsIdentity(new[]
                    {
                        new Claim("Id",Guid.NewGuid().ToString()),
                        new Claim(JwtRegisteredClaimNames.Sub, loginRequest.username),
                        new Claim(JwtRegisteredClaimNames.Email, loginRequest.username),
                        new Claim(JwtRegisteredClaimNames.Jti,Guid.NewGuid().ToString())
                   }),

                    Expires = DateTime.UtcNow.AddMinutes(10),
                    Issuer = issuer,
                    Audience = audience,
                    SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(_key), SecurityAlgorithms.HmacSha256Signature)
                };



                var tokenHandler = new JwtSecurityTokenHandler();
                var token = tokenHandler.CreateToken(tokenDescriptor);
                var jwttoken = tokenHandler.WriteToken(token);
                var stringToken = tokenHandler.WriteToken(token);
                return Ok(stringToken);
            }


            return Ok("Unauthorized");
        }
    }
}

Handling Authorization Checks

To handle authorization checks, you can use the [Authorize] attribute on controller and actions method.


namespace dotNet8CRUDWebAPI.Controllers
{
    [Authorize]
    [Route("api/[controller]")]
    [ApiController]
    public class DepartmentController : ControllerBase
    {
        private readonly IDepartment _department;

        public DepartmentController(IDepartment department)
        {
           _department = department;
        }

        [HttpGet]
        public IActionResult Get([FromQuery] bool? isActive=null)
        {
            return Ok(_department.GetAllList(isActive));
        }
   }
}

Now simply run the application or press F5 to run

Generate Token

Authorization Checks

See More: .NET 8: How to make API faster in Asp.Net Core

The post Implement JWT Authentication and Authorization in ASP.NET Core appeared first on Tech Insights.

]]>
https://reactconf.org/implement-jwt-authentication-and-authorization-in-asp-net-core/feed/ 0 290