Member-only story
JWT Authentication for Microservices in ASP.NET Core
Two years ago, I published the JWT Authentication for Microservices in .NET article, and it got some pretty good traction. In the meantime, things have changed and .NET Core became the standard. With ASP.NET Core 3.1 receiving long term support, it’s time to update the article to 2020.
First, let’s give this some context: one of the things you need to think of when developing a microservice architecture is authenticating the user across the whole system, when they are trying to perform an action.
In the diagram, you can see a basic representation of a microservice architecture. The users from web/mobile communicate with the system through an API Gateway (either one you developed, or provided by service from AWS/Azure/etc.), and the request is forwarded to the corresponding service. In between, it should be checked if the user is allowed to access that specific resource from the microservice.
To perform this, you can have a separate microservice responsible with user management and authentication. On each request, the user will provide a JWT; the API Gateway will first send the token to the authentication microservice, and if the result is positive, the request will be forwarded wherever necessary (e.g. your Orders or Billing service).
