Implementing JWT Authentication

Introduction to JWT Authentication in ASP.NET Core Web API

JSON Web Token (JWT) authentication is a popular approach to secure, stateless authentication for web APIs. It lets client applications identify and authenticate users and pass signed information between the client and the server. JWT authentication provides a simple yet secure way to protect ASP.NET Core Web API applications from malicious attacks and unauthorized access.

Implementing JWT Authentication in ASP.NET Core Web API

In this guide, we will walk through the steps for implementing JWT authentication in an ASP.NET Core Web API application. We will discuss how to create users and authenticate them using JWT tokens, and how to protect API endpoints with authorization.

Step 1: Install the Necessary Packages

To get started, we need to install the necessary NuGet packages for JWT authentication. We can do this by using the following command in the Package Manager Console:

```powershell
Install-Package Microsoft.AspNetCore.Authentication.JwtBearer
```

Step 2: Configure the JWT Authentication Services

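Next, we need to configure the JWT authentication services in the Startup.cs file. We can do this by adding the following code to the ConfigureServices method:

```csharp
// Required usings at the top of Startup.cs:
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

// Inside ConfigureServices:
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            // Reject tokens whose issuer, audience, lifetime or signature do not check out.
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            ValidIssuer = Configuration["Jwt:Issuer"],
            ValidAudience = Configuration["Jwt:Issuer"],
            IssuerSigningKey = new SymmetricSecurityKey(
                Encoding.UTF8.GetBytes(Configuration["Jwt:Key"]))
        };
    });
```

The authentication middleware must also be enabled by calling app.UseAuthentication() before app.UseAuthorization() in the Configure method; otherwise the [Authorize] attribute in Step 6 never sees a validated token.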

Step 3: Create the User Model and Register the User

Next, we need to create the User model to store the user details and register the user. We can do this by adding the following code to the User model class:

```csharp
using System.ComponentModel.DataAnnotations;

public class User
{
    [Key]
    public int Id { get; set; }

    [Required]
    public string Username { get; set; }

    // Store a salted password hash in this column, never the plaintext password.
    [Required]
    public string Password { get; set; }
}
```

We can also add a method to register the user by adding the following code to the User model class:

```csharp
public void Register(User user)
{
    // MyContext is the application's Entity Framework DbContext.
    using (var context = new MyContext())
    {
        context.Users.Add(user);
        context.SaveChanges();
    }
}
```

Step 4: Generate the JWT Token

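Now, we need to generate the JWT token for the registered user. We can do this by adding the following code to the User model class. The settings are read through IConfiguration, the same source Step 2 uses, because ConfigurationManager.AppSettings does not read appsettings.json in ASP.NET Core:

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;

public string GenerateJSONWebToken(User user, IConfiguration configuration)
{
    // Jwt:Key must be a long random secret that is kept out of source control.
    var securityKey = new SymmetricSecurityKey(
        Encoding.UTF8.GetBytes(configuration["Jwt:Key"]));
    var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);

    // Identify the user in the token; with no claims the token would be anonymous.
    var claims = new[] { new Claim(JwtRegisteredClaimNames.Sub, user.Username) };

    var token = new JwtSecurityToken(
        configuration["Jwt:Issuer"],   // issuer
        configuration["Jwt:Issuer"],   // audience (matches ValidAudience in Step 2)
        claims,
        expires: DateTime.UtcNow.AddMinutes(120),
        signingCredentials: credentials);

    return new JwtSecurityTokenHandler().WriteToken(token);
}
```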

Step 5: Authenticate the User

We can now authenticate the user by adding the following code to the User model class:

```csharp
using System.Linq;

public bool Authenticate(string username, string password)
{
    using (var context = new MyContext())
    {
        // Caveat: this compares the submitted password with the stored value directly,
        // which only works if the Password column holds the plaintext password.
        var user = context.Users.SingleOrDefault(
            u => u.Username == username && u.Password == password);
        return user != null;
    }
}
```

Step 6: Protect API Endpoints with Authorization

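Finally, we need to protect API endpoints with authorization. We can do this by adding the following code to the API controller:

```csharp
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Requests without a valid JWT in the Authorization header receive 401 Unauthorized.
[Authorize]
public IActionResult GetUserDetails()
{
    //...
}
```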

Conclusion

In this guide, we have discussed the steps for implementing JWT authentication in an ASP.NET Core Web API application. We have discussed how to create users and authenticate them using JWT tokens, and how to protect API endpoints with authorization. We have also provided examples for each step in the process. JWT authentication is a popular, secure approach for authenticating users in web APIs. By following the steps outlined in this guide, developers can quickly and easily set up JWT authentication in their ASP.NET Core Web API applications.