Is there a light jwt token in asp.net core web api?

mc 3,481 Reputation points
2021-04-30T07:30:21.317+00:00

I just want to give a token when user login
and other request I can get the id of the user

I do not want to user identity server that such a big framework.

ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,022 questions
{count} votes

Accepted answer
  1. AgaveJoe 25,761 Reputation points
    2021-04-30T15:41:57.327+00:00

    .NET 5 come with a JWT middleware services for validating and creating JWTs. Included below is sample code. See the official reference documentation if you need to learn more about a service or library.

    appsettings.json

    {  
      "jwtConfig": {  
        "Secret": "A super secret string that can be whatever you like"  
      },  
      "Logging": {  
        "LogLevel": {  
          "Default": "Information",  
          "Microsoft": "Warning",  
          "Microsoft.Hosting.Lifetime": "Information"  
        }  
      }  
    }  
    

    Configuration

    using JwtService.Services;  
    using Microsoft.AspNetCore.Authentication.JwtBearer;  
    using Microsoft.AspNetCore.Builder;  
    using Microsoft.AspNetCore.Hosting;  
    using Microsoft.AspNetCore.HttpsPolicy;  
    using Microsoft.AspNetCore.Mvc;  
    using Microsoft.Extensions.Configuration;  
    using Microsoft.Extensions.DependencyInjection;  
    using Microsoft.Extensions.Hosting;  
    using Microsoft.Extensions.Logging;  
    using Microsoft.IdentityModel.Tokens;  
    using Microsoft.OpenApi.Models;  
    using System;  
    using System.Collections.Generic;  
    using System.Linq;  
    using System.Text;  
    using System.Threading.Tasks;  
      
    namespace JwtService  
    {  
        public class Startup  
        {  
            public Startup(IConfiguration configuration)  
            {  
                Configuration = configuration;  
            }  
      
            public IConfiguration Configuration { get; }  
      
            // This method gets called by the runtime. Use this method to add services to the container.  
            public void ConfigureServices(IServiceCollection services)  
            {  
      
                services.AddControllers();  
                services.AddSwaggerGen(c =>  
                {  
                    c.SwaggerDoc("v1", new OpenApiInfo { Title = "JwtService", Version = "v1" });  
                });  
      
                var secret = Encoding.ASCII.GetBytes(Configuration["JwtConfig:secret"]);  
                services.AddAuthentication(x =>  
                {  
                    x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;  
                    x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;  
                })  
                .AddJwtBearer(x =>  
                {  
                    x.RequireHttpsMetadata = false;  
                    x.SaveToken = true;  
                    x.TokenValidationParameters = new TokenValidationParameters  
                    {  
                        ValidateIssuerSigningKey = true,  
                        IssuerSigningKey = new SymmetricSecurityKey(secret),  
                        ValidateIssuer = true,  
                        ValidateAudience = true,  
                        ValidateLifetime = true,  
                        ValidIssuer = "Issuer",  
                        ValidAudience = "Audience",  
                        ClockSkew = TimeSpan.Zero,  
                    };  
                });  
      
                services.AddScoped<IApplicationUser, ApplicationUser>();  
            }  
      
            // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.  
            public void Configure(IApplicationBuilder app, IWebHostEnvironment env)  
            {  
                if (env.IsDevelopment())  
                {  
                    app.UseDeveloperExceptionPage();  
                    app.UseSwagger();  
                    app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "JwtService v1"));  
                }  
      
                app.UseHttpsRedirection();  
      
                app.UseRouting();  
      
                app.UseAuthentication();  
                app.UseAuthorization();  
      
                app.UseEndpoints(endpoints =>  
                {  
                    endpoints.MapControllers();  
                });  
            }  
        }  
    }  
    

    Sample service

        public interface IApplicationUser  
        {  
            string Authenticate(string username, string password);  
            LoginResponse AuthenticateMvc(string username, string password);  
        }  
      
        public class ApplicationUser : IApplicationUser  
        {  
            private readonly IConfiguration Configuration;  
            public ApplicationUser(IConfiguration configuration)  
            {  
                Configuration = configuration;  
            }  
      
            private List<User> _users = new List<User>  
            {  
                new User { Id = 1, FirstName = "Hello", LastName = "World", Username = "username", Password = "password" }  
            };  
      
            public string Authenticate(string username, string password)  
            {  
                var user = _users.SingleOrDefault(x => x.Username == username && x.Password == password);  
      
                // return null if user not found  
                if (user == null)  
                    return null;  
      
                // authentication successful so generate jwt token  
                var tokenHandler = new JwtSecurityTokenHandler();  
                var key = Encoding.ASCII.GetBytes(Configuration["JwtConfig:secret"]);  
                var tokenDescriptor = new SecurityTokenDescriptor  
                {  
                    Subject = new ClaimsIdentity(new Claim[]  
                    {  
                        new Claim(ClaimTypes.Name, user.Id.ToString()),  
                    }),  
                    IssuedAt = DateTime.UtcNow,  
                    Expires = DateTime.UtcNow.AddDays(7),  
                    SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature),  
                    Issuer = "Issuer",  
                    Audience = "Audience"  
                };  
                var token = tokenHandler.CreateToken(tokenDescriptor);  
                return tokenHandler.WriteToken(token);  
            }  
      
            public LoginResponse AuthenticateMvc(string username, string password)  
            {  
                var user = _users.SingleOrDefault(x => x.Username == username && x.Password == password);  
      
                // return null if user not found  
                if (user == null)  
                    return null;  
      
                // authentication successful so generate jwt token  
                var tokenHandler = new JwtSecurityTokenHandler();  
                var key = Encoding.ASCII.GetBytes(Configuration["JwtConfig:secret"]);  
                var tokenDescriptor = new SecurityTokenDescriptor  
                {  
                    Subject = new ClaimsIdentity(new Claim[]  
                    {  
                        new Claim(ClaimTypes.Name, user.Id.ToString()),  
                    }),  
                    IssuedAt = DateTime.UtcNow,  
                    Expires = DateTime.UtcNow.AddDays(7),  
                    SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature),  
                    Issuer = "Issuer",  
                    Audience = "Audience"  
                };  
                var token = tokenHandler.CreateToken(tokenDescriptor);  
      
                //Mock response  
                LoginResponse response = new LoginResponse()  
                {  
                    token = tokenHandler.WriteToken(token),  
                    role = "User",  
                    claims = new List<ClaimDto>()  
                    {  
                        new ClaimDto() {type = ClaimTypes.Role, value = "UserRole" },  
                        new ClaimDto() {type= ClaimTypes.Email, value = "email@email.com" }  
                    }  
                };  
      
                return response;  
      
            }  
        }  
    

    Controller
    [Authorize]
    [ApiController]
    [Route("[controller]")]
    public class AccountController : ControllerBase
    {
    private readonly IApplicationUser _authService;
    private readonly ILogger<AccountController> _logger;
    public AccountController(IApplicationUser authSerice, ILogger<AccountController> logger)
    {
    _authService = authSerice;
    _logger = logger;
    }

            //POST: /Account/Authenticate  
            [AllowAnonymous]  
            [HttpPost("authenticate")]  
            [ProducesResponseType(200, Type = typeof(string))]  
            [ProducesResponseType(400)]  
            [ProducesResponseType(404)]  
            public IActionResult Authenticate([FromBody] LoginModel model)  
            {  
                string token = _authService.Authenticate(model.Username, model.Password);  
      
                if (string.IsNullOrEmpty(token))  
                {  
                    return BadRequest(new { message = "Username or password is incorrect" });  
                }  
                return Ok(token);  
            }  
      
            //POST: /Account/AuthenticateMvc  
            [AllowAnonymous]  
            [HttpPost("authenticatemvc")]  
            [ProducesResponseType(200, Type = typeof(LoginResponse))]  
            [ProducesResponseType(400)]  
            [ProducesResponseType(404)]  
            public IActionResult AuthenticateMvc([FromBody] LoginModel model)  
            {  
                LoginResponse result = _authService.AuthenticateMvc(model.Username, model.Password);  
      
                if (result == null || string.IsNullOrEmpty(result.token))  
                {  
                    return BadRequest(new { message = "Username or password is incorrect" });  
                }  
                return Ok(result);  
            }  
        }  
    
    1 person found this answer helpful.
    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Zhi Lv - MSFT 29,946 Reputation points Microsoft Vendor
    2021-05-03T07:07:35.39+00:00

    Hi @65841535,

    You could refer the following sample to implement JWT authentication in Asp.net Core application:

    1. In the API application, configure the authentication schema with JWT bearer options.
      public void ConfigureServices(IServiceCollection services)  
      {  
          services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)  
                 .AddJwtBearer(options =>  
                 {  
                     options.TokenValidationParameters = new TokenValidationParameters  
                     {  
                         ValidateIssuer = true,  
                         ValidateAudience = true,  
                         ValidateLifetime = true,  
                         ValidateIssuerSigningKey = true,  
                         ValidIssuer = Configuration["Jwt:Issuer"],  
                         ValidAudience = Configuration["Jwt:Issuer"],  
                         IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt:Key"]))  
                     };  
                 });   
          services.AddControllers();  
      }  
      
      // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.  
      public void Configure(IApplicationBuilder app, IWebHostEnvironment env)  
      {  
          if (env.IsDevelopment())  
          {  
              app.UseDeveloperExceptionPage();  
          }  
      
          app.UseHttpsRedirection();  
      
          app.UseRouting();  
          app.UseAuthentication();  
          app.UseAuthorization();  
      
          app.UseEndpoints(endpoints =>  
          {  
              endpoints.MapControllers();  
          });  
      }  
      
      2.. Store JWT values (Such as: issuer, audience, signing key) in appsettings.json file
      {      
      "Jwt": {  
        "Key": "ThisismySecretKey",  
        "Issuer": "Test.com"  
      },  
      }     
      
    2. Generate JSON Web Token: Create a Login controller and after valid user, generate the JWT token.
          [Route("api/[controller]")]  
          [ApiController]  
          public class LoginController : Controller  
          {  
              private IConfiguration _config;  
      
              public LoginController(IConfiguration config)  
              {  
                  _config = config;  
              }  
              [AllowAnonymous]  
              [HttpPost]  
              public IActionResult Login([FromBody] UserModel login)  
              {  
                  IActionResult response = Unauthorized();  
                  var user = AuthenticateUser(login);  
      
                  if (user != null)  
                  {  
                      var tokenString = GenerateJSONWebToken(user);  
                      response = Ok(new { token = tokenString });  
                  }  
      
                  return response;  
              }  
      
              private string GenerateJSONWebToken(UserModel userInfo)  
              {  
                  var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));  
                  var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);  
      
                  var token = new JwtSecurityToken(_config["Jwt:Issuer"],  
                    _config["Jwt:Issuer"],  
                    null,  
                    expires: DateTime.Now.AddMinutes(120),  
                    signingCredentials: credentials);  
      
                  return new JwtSecurityTokenHandler().WriteToken(token);  
              }  
      
              private UserModel AuthenticateUser(UserModel login)  
              {  
                  UserModel user = null;  
      
                  //Validate the User Credentials      
                  //Demo Purpose, I have Passed HardCoded User Information      
                  if (login.Username == "Jignesh")  
                  {  
                      user = new UserModel { Username = "Jignesh Trivedi", EmailAddress = "test.btest@gmail.com" };  
                  }  
                  return user;  
              }  
          }  
      
    3. Apply the JWT authentication, add the [Authorize] attribute at the header of the action method.
              // GET: api/<ValuesController>  
              [HttpGet]  
              [Authorize]  
              public IEnumerable<string> Get()  
              {  
                  return new string[] { "value1", "value2" };  
              }  
      

    More detail information, you could refer this link.


    If the answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Best Regards,
    Dillion

    1 person found this answer helpful.
    0 comments No comments