.net core 3.1 JWT token step by step

 

Visual Studio -> Create New Project -> Asp.Net Core Web application -> API



Right-click on project -> Manage NuGet package -> On browse section search for (Microsoft.AspNetCore.Authentication.JwtBearer) -> install.



UserController.cs


using System;

using System.Collections.Generic;

using System.Linq;

using System.Threading.Tasks;

using Microsoft.AspNetCore.Http;

using Microsoft.AspNetCore.Mvc;

using Microsoft.AspNetCore.Authorization;

using Microsoft.Extensions.Logging;


namespace JwtNetCore

{

    [Route("[controller]")]

    [ApiController]

    public class UserController : ControllerBase

    {

        [HttpGet]

        [Route("GetUserData")]

        [Authorize(Policy = Policies.User)]


        public IActionResult GetUserData()

        {

            return Ok("This is a response from user method");

        }

        [HttpGet]

        [Route("GetAdminData")]

        [Authorize(Policy = Policies.Admin)]

        public IActionResult GetAdminData()

        {

            return Ok("This is a response from Admin method");

        }



    }

}




LoginController

using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Tokens;

namespace JwtNetCore
{
    [Route("[controller]")]
    [ApiController]
    public class LoginController : ControllerBase
    {
        private readonly IConfiguration _config;
        private List<User> appUsers = new List<User>{
            new User { FullName = "Vaibhav Bhapkar", UserName = "admin", Password = "1234", UserRole = "Admin" },
            new User { FullName = "Test User", UserName = "user", Password = "1234", UserRole = "User" }
            };

        public LoginController(IConfiguration config)
        {
            _config = config;
        }

        [HttpPost]
        [AllowAnonymous]
        public IActionResult Login([FromBody] User login)
        {
            IActionResult response = Unauthorized();
            User user = AuthenticateUser(login);
            if (user != null)
            {
                var tokenString = GenerateJWTToken(user);
                response = Ok(new
                {
                    token = tokenString,
                    userDetails = user,
                });
            }
            return response;
        }
        User AuthenticateUser(User loginCredentials)
        {
            User user = appUsers.SingleOrDefault(x => x.UserName == loginCredentials.UserName && x.Password == loginCredentials.Password);
            return user;
        }
        string GenerateJWTToken(User userInfo)
        {
            //var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt: SecretKey"]));
            var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("xecretKeywqejane"));
           

            var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);


            var claims = new[]
            {
                new Claim(JwtRegisteredClaimNames.Sub, userInfo.UserName),
                new Claim("fullName", userInfo.FullName.ToString()),
                new Claim("role",userInfo.UserRole),
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
            };


            var token = new JwtSecurityToken(
            //"https://localhost:44349"
             issuer: "http://localhost:44349",
            audience: "http://localhost:44349",
            //issuer: _config["Jwt: Issuer"],
            //audience: _config["Jwt: Audience"],
            claims: claims,
            expires: DateTime.Now.AddMinutes(30),
            signingCredentials: credentials
            );
            return new JwtSecurityTokenHandler().WriteToken(token);
        }

    }
}


User

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace JwtNetCore
{
    public class User
    {
        public string UserName { get; set; }
        public string FullName { get; set; }
        public string Password { get; set; }
        public string UserRole { get; set; }
    }
}



Policies

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;


namespace JwtNetCore
{
    public class Policies
    {
        public const string Admin = "Admin";
        public const string User = "User";
        public static AuthorizationPolicy AdminPolicy()
        {
            return new AuthorizationPolicyBuilder().RequireAuthenticatedUser().RequireRole(Admin).Build();
        }
        public static AuthorizationPolicy UserPolicy()
        {
            return new AuthorizationPolicyBuilder().RequireAuthenticatedUser().RequireRole(User).Build();
        }
    }

}


appsettings.json

{

  "Logging": {

    "LogLevel": {

      "Default": "Information",

      "Microsoft": "Warning",

      "Microsoft.Hosting.Lifetime": "Information"

    }

  },

  "AllowedHosts": "*",

  "Jwt": {

    "SecretKey": "xecretKeywqejane",

    "Issuer": "https://localhost:44349",

    "Audience": "https://localhost:44349"

  }

}



Startup

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Tokens;

namespace JwtNetCore
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllers();

            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddJwtBearer(options =>
                {
                    options.RequireHttpsMetadata = false;
                    options.SaveToken = true;
                    options.TokenValidationParameters = new TokenValidationParameters();

                    options.TokenValidationParameters.ValidateIssuer = true;
                    options.TokenValidationParameters.ValidateAudience = true;
                    options.TokenValidationParameters.ValidateLifetime = true;
                    options.TokenValidationParameters.ValidateIssuerSigningKey = true;
                    //options.TokenValidationParameters.ValidIssuer =  Configuration["Jwt: Issuer"];
                    options.TokenValidationParameters.ValidIssuer = "http://localhost:44349";
                    //options.TokenValidationParameters.ValidAudience = Configuration["Jwt: Audience"];
                    options.TokenValidationParameters.ValidAudience = "http://localhost:44349";
                    //options.TokenValidationParameters.IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt: SecretKey"]));
                    options.TokenValidationParameters.IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("xecretKeywqejane"));
                    options.TokenValidationParameters.ClockSkew = TimeSpan.Zero;
                });

            services.AddAuthorization(config =>
            {
                config.AddPolicy(Policies.Admin, Policies.AdminPolicy());
                config.AddPolicy(Policies.User, Policies.UserPolicy());
            });
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseHttpsRedirection();

            app.UseRouting();

             app.UseAuthentication();

            app.UseAuthorization();

          
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllers();
            });


        }
    }
}



401


Admin 200





Reference,

https://jwt.io/

https://medium.com/@vaibhavrb999/jwt-authentication-authorization-in-net-core-3-1-e762a7abe00a

https://blog.miniasp.com/post/2019/12/16/How-to-use-JWT-token-based-auth-in-aspnet-core-31

留言

張貼留言

這個網誌中的熱門文章

香港袐密行動

圖片
  好多朋友話, 時間過去, 記憶變得濛糊, 當日的好友, 今日好像已經忘記誰是誰了. 我更加向大家對薦這一本書. 我不會講書中的故事, 因為大家都有自己的故事. 當中你會回憶當年的你, 而你我的回憶不同, 雖然我們曾經在時空交雜過, 可是我們在事件上找到各自各的位置, 發揮各自各的功能. 如果你覺得書中的故事荒謬 (OnL9), 不真實, 吹水. 那麼回想5年前, 天台的風景。 你有想像過TG 的氣味? 你有想像過路上滿是路障? 你有想像過一街之距, 兩個世界? 這是他們的回憶,他們見到的。 5年過去, 離散的我更珍惜相敍的時光, 因為這是我們學到的. 也更珍惜當下. 人生苦短, 比起回頭, 我更喜歡向前, 因為回望了過去, 向前行就更明確. 看書吧. 一齊加油.
閱讀完整內容

要老是忘記, 我更記不起

圖片
  黃昏,您誤入我的房間,我開門請您回去,一度的寧靜,期待著夜幕到來。早上陽光把我叫醒,我看著您眼定定看著窗邊,當涼風從窗邊透出,您回去了,沒有回頭,也沒有說話。 我們也是大家的過客,大家借過大家的溫度。過去和幻想組織了美好的回憶。那怕只有片段,時間和回憶可以成正比,也可以沒有關係。“不借得太多也想借點火,就算不說一句都很清楚,雙方都經過太多。“ 這本書就是一連串愛情的小故事,可能有相似的,也可能有別人的。很多人說,愛情總是可以令成長,我不同意,不論有否成長,我的角度,每一個您的出現,也改變了我的習慣。習慣了密碼用上您的生日,習慣耐心溫柔地弄乾您的長頭髮,習慣了冰凍的茶味。 “不應講的死也不說 是否等於欺騙 衷心的欺騙 我真心想你快活如蜜甜“ 愛情不須要將來,須要的只有回憶。 我說昨晚的“您“,是隻蜜蜂, 大家請不要過份FF , 感謝閱讀 😚😚😚
閱讀完整內容