What is Authentication in .Net Core API?
Authentication is one of the most critical parts of software development. It establishes who is calling an API, so that requests that carry no valid credentials can be rejected before they reach protected endpoints; authorization then decides what an authenticated caller is allowed to do.
Why do we need Authentication in .Net Core API?
- Data Protection: APIs often expose data or services that could be misused if they fall into the wrong hands. Authentication ensures that only known users or systems can reach that data or service.
- Access Control: Not all users should have the same rights. Some users have full access, while others have restricted permissions. Authentication is the first step of any such access control mechanism, because permissions can only be applied to an identity that has been established.
- Non-repudiation: With proper authentication, actions can be traced back to the user who performed them. This provides accountability, which is essential in many applications.
- Compliance: Many industries have regulations and requirements for data protection and privacy. Authentication, along with other security measures, helps meet these regulatory needs.
- User Experience: By authenticating users, APIs can also provide personalized responses, since they know who is making the request.
Let's Begin
Let's create a new ASP.NET Core Web API project.
After the project is created, install the NuGet package "Microsoft.AspNetCore.Authentication.JwtBearer".
For the identity provider we will use Okta. Okta's developer platform (which includes Auth0) lets us manage users, issue tokens and try out authentication flows for free.
Sign up at the link below:
https://developer.okta.com/signup/
On the sign-up page choose the Auth0 option and pick the region of your choice.
After that, create a new API in the dashboard. For the Identifier you would normally use the hosted URL of your app, but for testing we will use the localhost URL of our API. This identifier is the audience the API will later require in every token.
Now click APIs in the left-hand menu, open the API you created and go to the Test tab; there you will find a curl command that requests an access token for this API.
Now let's open Program.cs and register JWT bearer authentication with the following code. Make sure app.UseAuthentication() and app.UseAuthorization() run before the endpoints are mapped (in .NET 7 they are added to the pipeline automatically once these services are registered).
using Microsoft.AspNetCore.Authentication.JwtBearer;

builder.Services.AddAuthentication(options =>
{
    // Use JWT bearer both to authenticate requests and to issue the 401
    // challenge when no valid token is present.
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
    // Issuer: the middleware downloads the OpenID Connect metadata and the
    // signing keys (JWKS) from this address and checks the token's "iss" claim against it.
    options.Authority = "https://dev-7fjgp6661wzrvpqw.us.auth0.com/";
    // Must equal the API Identifier configured in the portal; a token issued
    // for any other audience is rejected.
    options.Audience = "https://localhost:7294";
});
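The registration above relies on the defaults of the JWT bearer handler. As an added example (not code from the original post), here is a hardened variant of the same Program.cs that makes the validation rules explicit, tightens clock skew, logs rejected tokens, and adds a scope-based authorization policy so that holding any token is not enough to call a sensitive endpoint. The configuration keys "Auth0:Domain" and "Auth0:Audience", the policy name "ReadStatus" and the scope "read:status" are assumptions, not values from the page.

```csharp
// Added example, not the original post's code. Config keys, policy name and
// scope value below are assumptions and must be adapted to your tenant.
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Read tenant values from configuration instead of hardcoding them in source.
var authority = $"https://{builder.Configuration["Auth0:Domain"]}/";
var audience = builder.Configuration["Auth0:Audience"];

builder.Services.AddControllers();

builder.Services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
    options.Authority = authority;          // issuer; metadata and JWKS are fetched from here
    options.Audience = audience;            // must equal the API Identifier configured in Auth0
    options.RequireHttpsMetadata = true;    // never fetch signing keys over plain HTTP
    options.MapInboundClaims = false;       // keep raw claim names such as "sub" and "scope"
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidIssuer = authority,
        ValidateAudience = true,
        ValidAudience = audience,
        ValidateLifetime = true,            // reject expired or not-yet-valid tokens
        ValidateIssuerSigningKey = true,    // signature must verify against a published key
        ClockSkew = TimeSpan.FromSeconds(30) // the default of 5 minutes is generous
    };
    options.Events = new JwtBearerEvents
    {
        // Record why a token was rejected; never log the token itself.
        OnAuthenticationFailed = ctx =>
        {
            ctx.HttpContext.RequestServices
               .GetRequiredService<ILogger<Program>>()
               .LogWarning(ctx.Exception, "JWT validation failed for {Path}", ctx.Request.Path);
            return Task.CompletedTask;
        }
    };
});

// Authentication proves who the caller is; a policy decides what they may do.
// Auth0 places the granted scopes in a single space-separated "scope" claim.
builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("ReadStatus", policy =>
        policy.RequireAuthenticatedUser()
              .RequireAssertion(ctx =>
                  (ctx.User.FindFirst("scope")?.Value ?? string.Empty)
                      .Split(' ', StringSplitOptions.RemoveEmptyEntries)
                      .Contains("read:status")));
});

var app = builder.Build();

// Order matters: authenticate first, then authorize, then dispatch to endpoints.
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();
```

To use the policy, decorate a controller or action with [Authorize(Policy = "ReadStatus")] instead of the bare [Authorize]; a valid token without the "read:status" scope then yields 403 Forbidden rather than 200, while a missing or invalid token still yields 401 Unauthorized.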
With the values from the portal (domain, client ID, client secret and audience) we can request a token from Postman as well as from curl.
Now we will add a new controller in our API called "AllowAllController".
using Microsoft.AspNetCore.Mvc;

[Route("api/[controller]")]
[ApiController]
public class AllowAllController : ControllerBase
{
    // No [Authorize] yet, so anonymous callers reach this action.
    [HttpGet]
    public string Get()
    {
        return "Working okay";
    }
}
Once we run the API and call this endpoint, we get the response without presenting any token.
Now, to require authentication, we add the [Authorize] attribute at the top of the controller.
Our modified controller now looks like this:
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

[Route("api/[controller]")]
[ApiController]
[Authorize] // every action in this controller now requires a validated bearer token
public class AllowAllController : ControllerBase
{
    [HttpGet]
    public string Get()
    {
        return "Working okay";
    }
}
Now when we call the API without a token, we get a 401 Unauthorized response.
To call it successfully, pass the access token obtained from the token endpoint in the Authorization header of the request as "Authorization: Bearer <token>".
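The token request shown in the Test tab and the authenticated call above can be driven from code rather than Postman. The following console client is an added example (not code from the original post): it performs the OAuth 2.0 client_credentials exchange against the tenant's /oauth/token endpoint and then calls the protected endpoint with the bearer token. The tenant domain, client ID and client secret are placeholders; the audience and API URL assume the localhost identifier used in this post.

```csharp
// Added example, not the original post's code. Domain, client ID and client
// secret are placeholders; in real code the secret comes from a secret store.
using System.Net.Http.Headers;
using System.Net.Http.Json;
using System.Text.Json.Serialization;

const string Domain = "YOUR_TENANT.us.auth0.com";        // assumption: your Auth0 domain
const string ClientId = "YOUR_CLIENT_ID";                // from the API's test application
const string ClientSecret = "YOUR_CLIENT_SECRET";        // never commit this value
const string Audience = "https://localhost:7294";        // API Identifier; must match options.Audience
const string ApiUrl = "https://localhost:7294/api/AllowAll";

using var http = new HttpClient();

// 1) Token request: POST https://{domain}/oauth/token with the client_credentials grant.
//    The "audience" tells the issuer which API the token is for, which becomes its "aud" claim.
using var tokenResponse = await http.PostAsJsonAsync($"https://{Domain}/oauth/token", new
{
    grant_type = "client_credentials",
    client_id = ClientId,
    client_secret = ClientSecret,
    audience = Audience,
});
tokenResponse.EnsureSuccessStatusCode();
var token = await tokenResponse.Content.ReadFromJsonAsync<TokenResponse>()
            ?? throw new InvalidOperationException("empty token response");

// 2) Call the API with the access token in the Authorization header.
using var apiRequest = new HttpRequestMessage(HttpMethod.Get, ApiUrl);
apiRequest.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token.AccessToken);
using var apiResponse = await http.SendAsync(apiRequest);

Console.WriteLine($"{(int)apiResponse.StatusCode} {apiResponse.ReasonPhrase}");
if (apiResponse.StatusCode == System.Net.HttpStatusCode.Unauthorized)
{
    // The bearer handler explains the rejection (e.g. invalid_token, wrong audience)
    // in the WWW-Authenticate header, which is the first place to look when debugging.
    foreach (var challenge in apiResponse.Headers.WwwAuthenticate)
        Console.WriteLine($"WWW-Authenticate: {challenge}");
}
Console.WriteLine(await apiResponse.Content.ReadAsStringAsync());

// Shape of the JSON returned by /oauth/token (only the fields used here).
record TokenResponse(
    [property: JsonPropertyName("access_token")] string AccessToken,
    [property: JsonPropertyName("token_type")] string TokenType,
    [property: JsonPropertyName("expires_in")] int ExpiresIn);
```

Treat the access token like a password while it is valid: send it only over HTTPS, do not write it to logs, and cache it no longer than expires_in allows.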
Summary
Here we saw how to protect a .NET 7 API with JWT bearer authentication using OAuth 2.0 access tokens issued by Okta's Auth0 platform. If you wish to see the code, please click here!
Happy Coding!