.Net Core API — JWT Authentication

Riti Tiwari
Published in .Net Core API, Apr 12, 2019

User Authentication and Registration

Below is an example API that shows how to implement JSON Web Token authentication with ASP.NET Core 2.0, built from scratch.

The example API has just two endpoints/routes to demonstrate authenticating with JWT and accessing a restricted route with JWT:

  • /users/authenticate - a public route that accepts HTTP POST requests containing the username and password in the body. If the username and password are correct then a JWT authentication token and the user details are returned.
  • /users/GetUsers - a secure route that accepts HTTP GET requests and returns a list of all the users in the application if the HTTP Authorization header contains a valid JWT token. If there is no auth token or the token is invalid then a 401 Unauthorized response is returned.

The tutorial project is available on GitHub: https://github.com/RitiTiwari14/JWT

Tools required to run the ASP.NET Core 2.2 JWT Example Locally

To develop and run ASP.NET Core applications locally, download and install the following:

  • .NET Core SDK — includes the .NET Core runtime and command line tools
  • Visual Studio 2017 — code editor that runs on Windows; Visual Studio Code can also be used

ASP.NET Core JWT Users Controller

Path: /Controllers/UsersController.cs

The ASP.NET Core users controller defines and handles all routes/endpoints for the API that relate to users, including authentication. Within each route the controller calls the user service to perform the action required, which keeps the controller ‘lean’ and completely separated from the business logic and data access code.

The controller actions are secured with JWT using the [Authorize] attribute, with the exception of the Authenticate method, which allows public access by overriding the [Authorize] attribute on the controller with the [AllowAnonymous] attribute on the action method. I chose this approach so that any new action methods added to the controller will be secure by default unless explicitly made public. — UsersController

ASP.NET Core JWT User Entity in Model Folder

The user entity class represents the data for a user in the application. Model classes are used to pass data between different parts of the application (e.g. between services and controllers) and can be used to return HTTP response data from controller action methods. → Models — UserLogin.cs

ASP.NET Core JWT App Settings

Helper >> AppSettings.cs

ASP.NET Core JWT User IRepository - UserIRepository.cs

ASP.NET Core JWT User Repository

The user service contains a method for authenticating user credentials and returning a JWT token and a method for getting all users in the application.

On successful authentication, the Authenticate method generates a JWT (JSON Web Token) using the JwtSecurityTokenHandler class, which generates a token that is digitally signed using a secret key stored in appsettings.json. The JWT is returned to the client application, which must then include it in the HTTP Authorization header of subsequent web API requests for authentication. >> UserRepository.cs

ASP.NET Core JWT App Settings — appsettings.json

IMPORTANT: The "Secret" property is used by the API to sign and verify JWT tokens for authentication. Update it with your own random string so that nobody else can generate a JWT to gain unauthorised access to your application.
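
The following console program is an added example, not code from the tutorial's GitHub project. It shows the signing step described for the Authenticate method and why the "Secret" value matters: a token validates only under the key that signed it. The names JwtSecretDemo, Issue and IsValid, the 15-minute lifetime and the randomly generated keys are assumptions for illustration; it needs the System.IdentityModel.Tokens.Jwt NuGet package.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

public static class JwtSecretDemo // hypothetical class, not part of the tutorial project
{
    // Sign a short-lived HS256 token carrying the user id, using the given secret bytes.
    static string Issue(byte[] secret, string userId)
    {
        var handler = new JwtSecurityTokenHandler();
        var descriptor = new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, userId) }),
            Expires = DateTime.UtcNow.AddMinutes(15), // assumed lifetime
            SigningCredentials = new SigningCredentials(
                new SymmetricSecurityKey(secret), SecurityAlgorithms.HmacSha256)
        };
        return handler.WriteToken(handler.CreateToken(descriptor));
    }

    // True only if the signature verifies under `secret` and the token has not expired.
    static bool IsValid(byte[] secret, string jwt)
    {
        var parameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(secret),
            ValidateIssuer = false,    // this demo sets no issuer
            ValidateAudience = false,  // and no audience
            ValidateLifetime = true,
            ClockSkew = TimeSpan.Zero  // no grace period after expiry
        };
        try { new JwtSecurityTokenHandler().ValidateToken(jwt, parameters, out _); return true; }
        catch (SecurityTokenException) { return false; }
    }

    public static void Main()
    {
        var apiSecret = new byte[32];   // constructed sample key: 256 random bits
        var otherSecret = new byte[32]; // a key the API does not use
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(apiSecret); rng.GetBytes(otherSecret); }

        Console.WriteLine("Token signed with API secret:   " + IsValid(apiSecret, Issue(apiSecret, "1")));
        Console.WriteLine("Token signed with other secret: " + IsValid(apiSecret, Issue(otherSecret, "1")));
    }
}
```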

ASP.NET Core JWT Startup — /Startup.cs

Feel free to contact me in case of any queries. Good luck!!!

Get your hands dirty with your first ever .Net core API — #.NetCoreStarters, #.NetCore, #API, #JWT, #SQLServer, #EntityFrameworkCore