System.IdentityModel in .NET 5.0

Sandeep Desai 1 Reputation point
2021-09-02T07:44:13.25+00:00

We are porting our project from .NET Framework 4.5 to .NET 5.0. For secure login, we are using JWT tokens via System.IdentityModel and System.IdentityModel.Tokens.Jwt in the existing project.
After porting to .NET 5.0, we observed that the System.IdentityModel.Tokens.Jwt NuGet package is available in .NET 5.0. However, we did not find System.IdentityModel or an equivalent NuGet package in .NET 5.0. Because of this, the piece of code below is not working. The 'InMemorySymmetricSecurityKey' class is marked as unrecognized.

    InMemorySymmetricSecurityKey signingKey = new InMemorySymmetricSecurityKey(Encoding.UTF8.GetBytes(securityKey));

Can you please guide me on which equivalent IdentityModel should be used in place of System.IdentityModel?


2 answers

  1. AgaveJoe 30,126 Reputation points
    2021-09-02T14:04:58.997+00:00

    Try

    dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer --version 5.0.9
    

  2. Chao Deng-MSFT 801 Reputation points
    2021-09-03T03:04:09.757+00:00

    Hi @Sandeep Desai ,
    .NET 5 comes with a JWT middleware service for validating and creating JWTs.
    Here is an example:
    The main change is the installation of the Microsoft.AspNetCore.Authentication.JwtBearer package.
    Then we can modify appsettings.json with the following SQL connection string value and authentication details.
    appsettings.json

    {    
      "Logging": {    
        "LogLevel": {    
          "Default": "Information",    
          "Microsoft": "Warning",    
          "Microsoft.Hosting.Lifetime": "Information"    
        }    
      },    
      "AllowedHosts": "*",    
      "ConnectionStrings": {    
        "ConnStr": "Data Source=(localdb)\\MSSQLLocalDB;Initial Catalog=SarathlalDB;Integrated Security=True;ApplicationIntent=ReadWrite;MultiSubnetFailover=False"    
      },    
      "JWT": {    
        "ValidAudience": "http://localhost:4200",    
        "ValidIssuer": "http://localhost:59921",    
        "Secret": "StrONGKAutHENTICATIONKEy"    
      }    
    }    
    

    We have added a database connection string and also added a valid audience, a valid issuer and a secret key for JWT authentication in the above settings file.

    We can create an API controller “AuthenticateController” inside the “Controllers” folder and add the code below.
    AuthenticateController.cs

    using JWTAuthenticationWithSwagger.Authentication;    
    using Microsoft.AspNetCore.Http;    
    using Microsoft.AspNetCore.Identity;    
    using Microsoft.AspNetCore.Mvc;    
    using Microsoft.Extensions.Configuration;    
    using Microsoft.IdentityModel.Tokens;    
    using System;    
    using System.Collections.Generic;    
    using System.IdentityModel.Tokens.Jwt;    
    using System.Security.Claims;    
    using System.Text;    
    using System.Threading.Tasks;    
        
    namespace JWTAuthenticationWithSwagger.Controllers    
    {    
        [Route("api/[controller]")]    
        [ApiController]    
        public class AuthenticateController : ControllerBase    
        {    
            private readonly UserManager<ApplicationUser> userManager;    
            private readonly IConfiguration _configuration;    
        
            public AuthenticateController(UserManager<ApplicationUser> userManager, IConfiguration configuration)    
            {    
                this.userManager = userManager;    
                _configuration = configuration;    
            }    
        
            [HttpPost]    
            [Route("login")]    
            public async Task<IActionResult> Login([FromBody] LoginModel model)    
            {    
                var user = await userManager.FindByNameAsync(model.Username);    
                if (user != null && await userManager.CheckPasswordAsync(user, model.Password))    
                {    
                    var userRoles = await userManager.GetRolesAsync(user);    
        
                    var authClaims = new List<Claim>    
                    {    
                        new Claim(ClaimTypes.Name, user.UserName),    
                        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),    
                    };    
        
                    foreach (var userRole in userRoles)    
                    {    
                        authClaims.Add(new Claim(ClaimTypes.Role, userRole));    
                    }    
        
                    var authSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["JWT:Secret"]));    
        
                    var token = new JwtSecurityToken(    
                        issuer: _configuration["JWT:ValidIssuer"],    
                        audience: _configuration["JWT:ValidAudience"],    
                        expires: DateTime.Now.AddHours(3),    
                        claims: authClaims,    
                        signingCredentials: new SigningCredentials(authSigningKey, SecurityAlgorithms.HmacSha256)    
                        );    
        
                    return Ok(new    
                    {    
                        token = new JwtSecurityTokenHandler().WriteToken(token),    
                        expiration = token.ValidTo    
                    });    
                }    
                return Unauthorized();    
            }    
        
            [HttpPost]    
            [Route("register")]    
            public async Task<IActionResult> Register([FromBody] RegisterModel model)    
            {    
                var userExists = await userManager.FindByNameAsync(model.Username);    
                if (userExists != null)    
                    return StatusCode(StatusCodes.Status500InternalServerError, new Response { Status = "Error", Message = "User already exists!" });    
        
                ApplicationUser user = new ApplicationUser()    
                {    
                    Email = model.Email,    
                    SecurityStamp = Guid.NewGuid().ToString(),    
                    UserName = model.Username    
                };    
                var result = await userManager.CreateAsync(user, model.Password);    
                if (!result.Succeeded)    
                    return StatusCode(StatusCodes.Status500InternalServerError, new Response { Status = "Error", Message = "User creation failed! Please check user details and try again." });    
        
                return Ok(new Response { Status = "Success", Message = "User created successfully!" });    
            }    
        
        }    
    }    
    

    We have added two methods, “login” and “register”, inside the controller class. The register method will be used to create new user information. In the login method, we return a JWT token after a successful login.

    We can make the changes below in the “ConfigureServices” and “Configure” methods in the “Startup” class.
    Startup.cs

    using JWTAuthenticationWithSwagger.Authentication;    
    using Microsoft.AspNetCore.Authentication.JwtBearer;    
    using Microsoft.AspNetCore.Builder;    
    using Microsoft.AspNetCore.Hosting;    
    using Microsoft.AspNetCore.Identity;    
    using Microsoft.AspNetCore.Mvc;    
    using Microsoft.EntityFrameworkCore;    
    using Microsoft.Extensions.Configuration;    
    using Microsoft.Extensions.DependencyInjection;    
    using Microsoft.Extensions.Hosting;    
    using Microsoft.Extensions.Logging;    
    using Microsoft.IdentityModel.Tokens;    
    using Microsoft.OpenApi.Models;    
    using System;    
    using System.Collections.Generic;    
    using System.Linq;    
    using System.Text;    
    using System.Threading.Tasks;    
        
    namespace JWTAuthenticationWithSwagger    
    {    
        public class Startup    
        {    
            public Startup(IConfiguration configuration)    
            {    
                Configuration = configuration;    
            }    
        
            public IConfiguration Configuration { get; }    
        
            // This method gets called by the runtime. Use this method to add services to the container.    
            public void ConfigureServices(IServiceCollection services)    
            {    
        
                services.AddControllers();    
                services.AddDbContext<ApplicationDbContext>(options => options.UseSqlServer(Configuration.GetConnectionString("ConnStr")));    
        
                // For Identity    
                services.AddIdentity<ApplicationUser, IdentityRole>()    
                    .AddEntityFrameworkStores<ApplicationDbContext>()    
                    .AddDefaultTokenProviders();    
        
                // Adding Authentication    
                services.AddAuthentication(options =>    
                {    
                    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;    
                    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;    
                    options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;    
                })    
        
                // Adding Jwt Bearer    
                .AddJwtBearer(options =>    
                {    
                    options.SaveToken = true;
                    // Development setting: set RequireHttpsMetadata to true outside local testing.
                    options.RequireHttpsMetadata = false;
                    options.TokenValidationParameters = new TokenValidationParameters()    
                    {    
                        ValidateIssuer = true,    
                        ValidateAudience = true,    
                        ValidAudience = Configuration["JWT:ValidAudience"],    
                        ValidIssuer = Configuration["JWT:ValidIssuer"],    
                        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JWT:Secret"]))    
                    };    
                });    
        
                services.AddSwaggerGen(swagger =>    
                {    
                    //This is to generate the Default UI of Swagger Documentation      
                    swagger.SwaggerDoc("v1", new OpenApiInfo    
                    {    
                        Version = "v1",    
                        Title = "ASP.NET 5 Web API",    
                        Description = "Authentication and Authorization in ASP.NET 5 with JWT and Swagger"    
                    });    
                    // To Enable authorization using Swagger (JWT)      
                    swagger.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme()    
                    {    
                        Name = "Authorization",    
                        Type = SecuritySchemeType.ApiKey,    
                        Scheme = "Bearer",    
                        BearerFormat = "JWT",    
                        In = ParameterLocation.Header,    
                        Description = "Enter 'Bearer' [space] and then your valid token in the text input below.\r\n\r\nExample: \"Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\"",    
                    });    
                    swagger.AddSecurityRequirement(new OpenApiSecurityRequirement    
                    {    
                        {    
                              new OpenApiSecurityScheme    
                                {    
                                    Reference = new OpenApiReference    
                                    {    
                                        Type = ReferenceType.SecurityScheme,    
                                        Id = "Bearer"    
                                    }    
                                },    
                                new string[] {}    
        
                        }    
                    });    
                });    
            }    
        
            // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.    
            public void Configure(IApplicationBuilder app, IWebHostEnvironment env)    
            {    
                if (env.IsDevelopment())    
                {    
                    app.UseDeveloperExceptionPage();    
                }    
        
                app.UseSwagger();    
                app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "ASP.NET 5 Web API v1"));    
        
                app.UseHttpsRedirection();    
        
                app.UseRouting();    
        
                app.UseAuthentication();    
                app.UseAuthorization();    
        
                app.UseEndpoints(endpoints =>    
                {    
                    endpoints.MapControllers();    
                });    
            }    
        }    
    }    
    

    Best Regards,

    ChaoDeng
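
The one-line change the question asks about, as an added example that is not part of the original thread or either answer: `InMemorySymmetricSecurityKey` from the old System.IdentityModel assembly is replaced by `SymmetricSecurityKey` in the Microsoft.IdentityModel.Tokens namespace, which the System.IdentityModel.Tokens.Jwt package brings in. The class name, user name and secrets below are constructed for illustration; the issuer and audience reuse the values from the appsettings.json above.

```csharp
// Added example (not from the thread). Needs the System.IdentityModel.Tokens.Jwt NuGet package.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public static class JwtMigrationDemo   // hypothetical class name
{
    const string Issuer = "http://localhost:59921";
    const string Audience = "http://localhost:4200";

    // Validation settings: pin issuer, audience, lifetime and the accepted algorithm.
    static TokenValidationParameters Params(SecurityKey key) => new TokenValidationParameters
    {
        ValidateIssuer = true, ValidIssuer = Issuer,
        ValidateAudience = true, ValidAudience = Audience,
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = key,
        ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },
        ClockSkew = TimeSpan.FromSeconds(30)
    };

    public static void Main()
    {
        // .NET Framework 4.5: new InMemorySymmetricSecurityKey(bytes)
        // .NET 5:             new SymmetricSecurityKey(bytes)
        // Constructed secret; in a real service load it from a secret store, not source code.
        var key = new SymmetricSecurityKey(
            Encoding.UTF8.GetBytes("constructed-demo-secret-at-least-32-bytes!"));
        var handler = new JwtSecurityTokenHandler();

        var jwt = handler.WriteToken(new JwtSecurityToken(
            issuer: Issuer, audience: Audience,
            claims: new[] { new Claim(ClaimTypes.Name, "demo-user") },
            expires: DateTime.UtcNow.AddMinutes(15),
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256)));

        var principal = handler.ValidateToken(jwt, Params(key), out _);
        Console.WriteLine($"accepted for: {principal.Identity.Name}");

        // The same token checked against a different key must be rejected.
        var otherKey = new SymmetricSecurityKey(
            Encoding.UTF8.GetBytes("another-constructed-secret-32-bytes-long!!"));
        try { handler.ValidateToken(jwt, Params(otherKey), out _); }
        catch (SecurityTokenException ex) { Console.WriteLine($"rejected: {ex.GetType().Name}"); }
    }
}
```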
