JWT token Authentication in ASP.Net Core

Posted on March 26, 2023
.NET Corejwt seriesauthentication

What JWT?

ASP.NET Core provides a powerful and flexible authentication middleware that supports various authentication schemes, including JSON Web Token (JWT) authentication. JWT is a compact, self-contained way of transmitting information between parties as a JSON object. It's often used to authenticate users and secure web APIs.

Create a Webapi project

Create a Webapi project

Install the required NuGet Package

Microsoft.AspNetCore.Authentication.JwtBearer
Microsoft.IdentityModel.Tokens

NuGet Package Window

appsetting.json

 "Jwt": {
        "Key": "ThisismySecretKeyForCodeHackWithArun",
        "Issuer": "codehackwitharun.com"
    }

Configure Authentication service in program.cs

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>
{
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidateAudience = true,
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,
        ValidIssuer = builder.Configuration["Jwt:Issuer"],
        ValidAudience = builder.Configuration["Jwt:Issuer"],
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"]))
    };
});

Add the authentication middleware in the program.cs file:

app.UseAuthentication();

Generate Token

public static string  GenerateJSONWebToken(UserModel userInfo, IConfiguration _configuration)
        {
            var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["Jwt:Key"]));
            var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);

            var token = new JwtSecurityToken(_configuration["Jwt:Issuer"],
              _configuration["Jwt:Issuer"],
              null,
              expires: DateTime.Now.AddMinutes(120),
              signingCredentials: credentials);

            return new JwtSecurityTokenHandler().WriteToken(token);
        }

Generating a JWT in an ASP.NET Core application using the JwtSecurityToken class and the JwtSecurityTokenHandler class. The JWT is signed using a symmetric key obtained from the configuration settings, and the signature algorithm used is HMAC with SHA256.

Consume in Controller

        [AllowAnonymous]
        [HttpPost]
        public IActionResult Login([FromBody] UserModel login)
        {
            IActionResult response = Unauthorized();
            var user = new UserModel().AuthenticateUser(login);

            if (user != null)
            {
                var tokenString = JwtTokenHandler.GenerateJSONWebToken(user, _configuration);
                response = Ok(new { token = tokenString });
            }

            return response;
        }

If the AuthenticateUser method returns a non-null user object, indicating that the user has been successfully authenticated, the method generates a JSON Web Token (JWT) using the JwtTokenHandler class and the _configuration object provided. The JWT contains the user's identity information and is signed with a secret key that only the server knows. The generated JWT is then returned as a part of a JSON object in the response body with a status of Ok.

Perform Test in swagger

Visit Github for Full Code

Swagger Test

Add the Authorization header with the JWT token to your API requests

Authorization: Bearer your-jwt-token

Let's Enable JWT in Swagger - Program.cs

builder.Services.AddSwaggerGen(c =>
{
    c.SwaggerDoc("v1", new OpenApiInfo
    {
        Version = "v1",
        Title = "CodeHack_Jwt_authentication.api",
        Description = "Web api to provide authentication services",
    });

    c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
    {
        In = ParameterLocation.Header,
        Description = "Please insert JWT with Bearer into field",
        Name = "Authorization",
        Type = SecuritySchemeType.ApiKey
    });
    c.AddSecurityRequirement(new OpenApiSecurityRequirement
    {
        { new OpenApiSecurityScheme {
            Reference = new OpenApiReference{Type = ReferenceType.SecurityScheme, Id = "Bearer"}}, Array.Empty<string>() }
    });
});

Add the Swagger middleware in the program.cs file:

app.UseSwagger();
app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "CodeHack_Jwt_authentication.api"));

Here is the full sample code to download from Github

Thanks for reading!


Posted on March 26, 2023
Profile Picture

Arun Yadav

Software Architect | Full Stack Web Developer | Cloud/Containers

Subscribe
to our Newsletter

Signup for our weekly newsletter to get the latest news, articles and update in your inbox.