But this still doesn't solve my original problem. The token is returned to the console app but the console app never receives it.
The original code that you copied works perfectly. Unfortunately you did not post all the relevant code so the community can only guess what mistakes are in your code base. Please make an effort to debug your code or provide enough code to reproduce this issue if you need community debugging support.
Minimal Web API
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
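var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthorization();

// Register JWT bearer authentication. Incoming tokens must be signed with the
// symmetric key below, be unexpired, and carry the issuer/audience this sample
// writes into the tokens it issues.
builder.Services.AddAuthentication().AddJwtBearer(options =>
{
    options.TokenValidationParameters = new TokenValidationParameters
    {
        // The token endpoint in this sample sets both issuer and audience to
        // https://localhost:7217, so check them instead of accepting any value.
        // Without these checks a token minted for a different service that
        // happens to share the key would be accepted here as well.
        ValidateIssuer = true,
        ValidIssuer = "https://localhost:7217",
        ValidateAudience = true,
        ValidAudience = "https://localhost:7217",
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,
        // SECURITY(review): demo-only key. It is committed in source and is only
        // 18 bytes (144 bits); RFC 7518 requires at least 256 bits for HS256, and
        // newer Microsoft.IdentityModel releases may refuse a key this short.
        // Outside a sample, load a randomly generated key of 32+ bytes from
        // configuration or a secret store. It must stay identical to the key the
        // token endpoint signs with.
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("superSecretKey@345"))
    };
});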
// Swagger/OpenAPI services; configuration details: https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();

var app = builder.Build();

// The Swagger document and UI are exposed only in the Development environment.
var isDevelopment = app.Environment.IsDevelopment();
if (isDevelopment)
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

// Anonymous endpoint: reachable without a token.
app.MapGet(
    "/api/test",
    [AllowAnonymous] () => "Hello you!");

// Protected endpoint: [Authorize] requires an authenticated caller.
app.MapGet(
    "/secret2",
    [Authorize] () => "Hello You. This is a secret!!!");
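// Demo token endpoint: exchanges a user name / password for a signed JWT.
// Returns 200 with a TokenResponse on success and 401 otherwise.
//
// SECURITY(review): the credentials are hard-coded and compared in plain text,
// and every successful caller is issued the Administrator role. That is only
// acceptable in a sample; a real endpoint verifies against stored password
// hashes, derives roles from the user record, and throttles repeated failures.
app.MapPost("/security/createToken",
    [AllowAnonymous] (User user) =>
    {
        // Guard clause: reject anything but the single demo account.
        if (user.UserName != "user" || user.Password != "123")
        {
            return Results.Unauthorized();
        }

        var issuedAt = DateTimeOffset.UtcNow;

        var claims = new[]
        {
            // Exactly one jti: repeating the claim type would turn it into an
            // array in the payload instead of a single token identifier.
            new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
            // iat is a NumericDate (seconds since the Unix epoch), not a
            // culture-formatted date string.
            new Claim(
                JwtRegisteredClaimNames.Iat,
                issuedAt.ToUnixTimeSeconds().ToString(System.Globalization.CultureInfo.InvariantCulture),
                ClaimValueTypes.Integer64),
            new Claim(JwtRegisteredClaimNames.GivenName, user.UserName),
            new Claim(JwtRegisteredClaimNames.Email, "user@test.com"),
            new Claim(ClaimTypes.Role, "Administrator"),
            new Claim("Role1", "Administrator"),
            new Claim("Role2", "Standard")
        };

        // SECURITY(review): demo-only signing key, duplicated from the bearer
        // configuration and shorter than the 256 bits HS256 calls for. It must
        // match the validation key byte for byte; in real code both sides read
        // it from one configuration/secret-store entry.
        var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("superSecretKey@345"));
        var signingCredentials = new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256);

        var jwt = new JwtSecurityToken(
            issuer: "https://localhost:7217",
            audience: "https://localhost:7217",
            claims: claims,
            // Expiry is derived from the same UTC instant as iat.
            expires: issuedAt.UtcDateTime.AddMinutes(50),
            signingCredentials: signingCredentials
        );

        var tokenString = new JwtSecurityTokenHandler().WriteToken(jwt);
        return Results.Ok(new TokenResponse { Token = tokenString });
    });

// NOTE(review): no explicit app.UseAuthentication()/app.UseAuthorization() call
// appears here. WebApplication is expected to add both automatically on
// ASP.NET Core 7 and later; confirm for the target framework and add the calls
// explicitly on earlier versions, otherwise [Authorize] has nothing to rely on.
app.UseHttpsRedirection();

app.Run();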
/// <summary>
/// Request body bound by the <c>/security/createToken</c> endpoint.
/// Every property defaults to an empty string.
/// </summary>
public class User
{
    /// <summary>Login name compared by the token endpoint.</summary>
    public string UserName { get; set; } = string.Empty;

    /// <summary>E-mail address supplied by the caller.</summary>
    public string Email { get; set; } = string.Empty;

    /// <summary>
    /// Plain-text password supplied by the caller. Treat as a secret: do not
    /// log or echo instances of this type.
    /// </summary>
    public string Password { get; set; } = string.Empty;

    /// <summary>Free-form additional information.</summary>
    public string AddInfo { get; set; } = string.Empty;
}
/// <summary>
/// Response body returned by the token endpoint on success.
/// </summary>
public class TokenResponse
{
    /// <summary>
    /// The serialized JWT. It is a bearer credential, so handle it like a
    /// password. Defaults to an empty string.
    /// </summary>
    public string Token { get; set; } = "";
}
Console App
// See https://aka.ms/new-console-template for more information
using System;
using System.Diagnostics;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Net.Http.Json;
using System.Security.Cryptography.X509Certificates;
//Console.WriteLine("Hello, World!");
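/// <summary>
/// Console client for the sample API: requests a JWT from
/// <c>security/createToken</c> and uses it to call the protected
/// <c>secret2</c> endpoint.
/// </summary>
internal class Program
{
    // One HttpClient for the lifetime of the process; never reassigned.
    private static readonly HttpClient httpClient = new HttpClient();

    /// <summary>Entry point: authenticate, then call the secured endpoint.</summary>
    private static async Task Main(string[] args)
    {
        httpClient.BaseAddress = new Uri("https://localhost:7217");
        httpClient.DefaultRequestHeaders.Clear();
        httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

        // Demo credentials matching the account the sample API accepts.
        User user = new User() { AddInfo = "info", Email = "user@email.com", Password = "123", UserName = "user" };

        // Get the JWT.
        string token = await AuthenticateAsync(user);

        // SECURITY(review): a bearer token is a credential. Printing it is fine
        // while debugging this sample locally; do not write tokens to console
        // or debug output in anything that ships.
        Console.WriteLine(token);
        Debug.WriteLine("Token = " + token);
        Console.WriteLine();

        // Call a secured endpoint.
        var message = await Secured(token);
        Console.WriteLine($"Response: {message}");
    }

    /// <summary>
    /// Posts the credentials to <c>security/createToken</c> and returns the JWT.
    /// </summary>
    /// <param name="user">Credentials sent as the JSON request body.</param>
    /// <returns>The token string from the response.</returns>
    /// <exception cref="HttpRequestException">The API answered with a non-success status.</exception>
    /// <exception cref="InvalidOperationException">The response carried no token.</exception>
    private static async Task<string> AuthenticateAsync(User user)
    {
        using var response = await httpClient.PostAsJsonAsync("security/createToken", user);

        // Surface the status instead of trying to deserialize an error response:
        // a 401 or 500 has no TokenResponse body, which otherwise shows up as a
        // confusing JSON or null-reference failure further down.
        if (!response.IsSuccessStatusCode)
        {
            throw new HttpRequestException(
                $"Token request failed: {(int)response.StatusCode} {response.ReasonPhrase}");
        }

        var payload = await response.Content.ReadFromJsonAsync<TokenResponse>();
        if (payload is null || string.IsNullOrEmpty(payload.Token))
        {
            throw new InvalidOperationException("Token response did not contain a token.");
        }

        return payload.Token;
    }

    /// <summary>
    /// Calls the protected <c>secret2</c> endpoint with the given bearer token.
    /// </summary>
    /// <param name="token">JWT obtained from <see cref="AuthenticateAsync"/>.</param>
    /// <returns>The response body as text.</returns>
    /// <exception cref="HttpRequestException">The API answered with a non-success status.</exception>
    private static async Task<string> Secured(string token)
    {
        // Attach the token to this request only, so it does not linger in the
        // shared client's default headers for unrelated calls.
        using var request = new HttpRequestMessage(HttpMethod.Get, "secret2");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);

        using var response = await httpClient.SendAsync(request);
        if (!response.IsSuccessStatusCode)
        {
            throw new HttpRequestException(
                $"Secured request failed: {(int)response.StatusCode} {response.ReasonPhrase}");
        }

        return await response.Content.ReadAsStringAsync();
    }
}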
/// <summary>
/// Client-side copy of the credentials payload posted to the token endpoint.
/// Every property defaults to an empty string.
/// </summary>
public class User
{
    /// <summary>Login name.</summary>
    public string UserName { get; set; } = "";

    /// <summary>E-mail address.</summary>
    public string Email { get; set; } = "";

    /// <summary>
    /// Plain-text password. It is serialized into the request body as-is, so
    /// it is only protected in transit by the HTTPS connection.
    /// </summary>
    public string Password { get; set; } = "";

    /// <summary>Free-form additional information.</summary>
    public string AddInfo { get; set; } = "";
}
/// <summary>
/// Client-side shape of the token endpoint's JSON response.
/// </summary>
public class TokenResponse
{
    /// <summary>
    /// The JWT returned by the API; empty until populated. It is a bearer
    /// credential and should be handled like a password.
    /// </summary>
    public string Token { get; set; } = "";
}