ASP.NET Core 2.0 JWT Authentication Example

Ecco Suprastyo
Jan 29, 2020

21.5k
0
8
- facebook
- twitter
- linkedIn
- Reddit
- WhatsApp
- Email
- Print
- Other Artcile

Introduction

In this section, I will tell you how to make a token number starting from making a project in Microsoft Visual Studio up to generating a token using Postman. You can follow the instructions directly on your computer.

Steps

Create a new project with Microsoft Visual Studio 2017.

Edit file with name appsettings.json as below (key: yourkey, issuer: hostname:port),
1. {
2. "Logging": {
3. "IncludeScopes": false,
4. "Debug": {
5. "LogLevel": {
6. "Default": "Warning"
7. }
8. },
9. "Console": {
10. "LogLevel": {
11. "Default": "Warning"
12. }
13. }
14. },
15. "Jwt": {
16. "Key": "camellabs.com2019!",
17. "Issuer": "http://localhost:5008"
18. }
19. }
After setting properties the project looks like shown below:

For the next step, we must edit the program class. This class is a console app item that is the main entry point to start the application, The class was configured and will launch the web API application and web server service using an instance of WebHostBuilder apps.Edit program class as below for ASP.Net Core 2.0 JWT Authentication Example,
1. using System;
2. using System.Collections.Generic;
3. using System.IO;
4. using System.Linq;
5. using System.Threading.Tasks;
6. using Microsoft.AspNetCore;
7. using Microsoft.AspNetCore.Hosting;
8. using Microsoft.Extensions.Configuration;
9. using Microsoft.Extensions.Logging;
11. namespace ExampleJWT
12. {
13. public class Program
14. {
15. public static void Main(string[] args)
16. {
17. BuildWebHost(args).Run();
18. }
20. public static IWebHost BuildWebHost(string[] args) =>
21. WebHost.CreateDefaultBuilder(args)
22. .UseKestrel()
23. .UseUrls("http://localhost:5008")
24. .UseIISIntegration()
25. .UseStartup<Startup>()
26. .Build();
27. }
28. }
We will create a startup class. This class is the request pipeline of the application and how all requests are handled. Edit the startup class as in the below example.
1. using System;
2. using System.Collections.Generic;
3. using System.Linq;
4. using System.Threading.Tasks;
5. using Microsoft.AspNetCore.Builder;
6. using Microsoft.AspNetCore.Hosting;
7. using Microsoft.Extensions.Configuration;
8. using Microsoft.Extensions.DependencyInjection;
9. using Microsoft.Extensions.Logging;
10. using Microsoft.Extensions.Options;
11. using Microsoft.AspNetCore.Authentication.JwtBearer;
12. using Microsoft.IdentityModel.Tokens;
13. using System.Text;
15. namespace ExampleJWT
16. {
17. public class Startup
18. {
19. public Startup(IConfiguration configuration)
20. {
21. Configuration = configuration;
22. }
24. public IConfiguration Configuration { get; }
26. // This method gets called by the runtime. Use this method to add services to the container.
27. public void ConfigureServices(IServiceCollection services)
28. {
29. services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
30. .AddJwtBearer(options =>
31. {
32. options.TokenValidationParameters = new TokenValidationParameters
33. {
34. ValidateIssuer = true,
35. ValidateAudience = true,
36. ValidateLifetime = true,
37. ValidateIssuerSigningKey = true,
38. ValidIssuer = Configuration["Jwt:Issuer"],
39. ValidAudience = Configuration["Jwt:Issuer"],
40. IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt:Key"]))
41. };
42. });
44. services.AddMvc();
45. }
47. // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
48. public void Configure(IApplicationBuilder app, IHostingEnvironment env)
49. {
50. if (env.IsDevelopment())
51. {
52. app.UseDeveloperExceptionPage();
53. }
56. app.UseAuthentication();
57. app.UseMvc();
58. }
59. }
60. }
Create TokenModel.cs like Entity to access data between different classes of applications.
1. using System;
2. using System.Collections.Generic;
3. using System.ComponentModel.DataAnnotations;
4. using System.Linq;
5. using System.Threading.Tasks;
7. namespace ExampleJWT.Models
8. {
9. public class AccessToken
10. {
11. [Key]
12. public int id { get; set; }
13. public string name { get; set; }
14. public string email { get; set; }
15. public string username { get; set; }
16. public string password { get; set; }
17. public string token { get; set; }
18. public DateTime? dateexpd { get; set; }
19. }
20. }
Create a new class with nameTokenController.cs to define and handled all routes/endpoints for the API request or request. This controller will include authentication and standard CRUD operations. The controller actions are secured properties with JWT using the [Authorize] attribute, with the exception of the Authenticate method which allows connection public access by overriding the [Authorize] attribute on the controller with [AllowAnonymous] attribute on the action method. I chose this approach so any new action methods added to the controller will be secure by default unless explicitly made public.
1. using System;
2. using System.Collections.Generic;
3. using System.Linq;
4. using System.Threading.Tasks;
5. using Microsoft.AspNetCore.Mvc;
6. using Microsoft.Extensions.Configuration;
7. using Microsoft.AspNetCore.Authorization;
8. using ExampleJWT.Models;
9. using Microsoft.IdentityModel.Tokens;
10. using System.IdentityModel.Tokens.Jwt;
11. using System.Text;
13. namespace ExampleJWT.Controllers
14. {
15. [Route("api/[controller]")]
16. public class TokenController : Controller
17. {
18. private IConfiguration _config;
20. public TokenController(IConfiguration config)
21. {
22. _config = config;
23. }
25. [AllowAnonymous]
26. [HttpPost]
27. public async Task<IActionResult> CreateToken([FromBody]AccessToken access)
28. {
29. IActionResult response = Unauthorized();
30. var user = Authenticate(access);
32. if (user != null)
33. {
34. var tokenString = BuildToken(access);
35. response = Ok(new { token = tokenString });
37. var datepd = DateTime.UtcNow.AddHours(7).AddYears(3); //Expired Token
39. user.password = access.password;
40. user.token = tokenString.ToString();
41. user.dateexpd = datepd;
43. }
45. return response;
46. }
48. private string BuildToken(AccessToken access)
49. {
50. var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
51. var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
53. var token = new JwtSecurityToken(_config["Jwt:Issuer"],
54. _config["Jwt:Issuer"],
55. expires: DateTime.UtcNow.AddHours(7).AddYears(3),
56. signingCredentials: creds);
58. return new JwtSecurityTokenHandler().WriteToken(token);
59. }
61. private AccessToken Authenticate(AccessToken access)
62. {
63. AccessToken data = new AccessToken();
64. if (access.username == "camellabs" && access.password == "camellabs")
65. {
66. data = access;
67. }
68. else
69. {
70. data = null;
71. }
73. return data;
74. }
75. }
76. }
Next Step,Running the application with IIS Express In Microsoft visual studio 2017.
Testing the application. If already running with postman like shown below, use the method POST.

You can see the ASP.Net Core 2.0 JWT Authentication Example on Github Here.

Thank you for reading this article about ASP.Net Core 2.0 JWT Authentication. I hope this article is useful to you. Visit My Github about ASP.Net Core Here

Recommended Free Ebook

An In-Depth Guide to C# Generics in .NET 6, .NET 7, and .NET 8 with 70+ Code Samples

Download Now!