How to implement JWT Token Authentication in ASP.NET Core 5.0 Web API using JWT

In this article, I’m going to show you how to implement token authentication in ASP.NET Core 5.0 Web API using JWT. I will create ASP.NET Web API project and show you step by step how to generate JWT token and use it for authentication and authorization.

Creating a new .NET 5.0 Web API project

Open visual studio 2019 community and click on “create a new project” and select “ASP.NET Core Web API” project and click next.

In the “configure your new project”, enter name, location, and solution name of your project and click next.

In the “Additional information” step, choose “.NET 5.0 in “Target Framework” dropdown, None in “Authentication Type” and click on create

 

Adding JWT configurations in appsettings.json

Run your application once and copy the url of your application. That will be used for JwtIssuer value in app settings. Open appsettings.json and add following configurations at the end of file:

 

Adding login feature

Add new empty controller in the “Controllers” folder of your project and name it AccountController and add following code into it.

 

Securing resources using JWT Authentication

Open “WeatherForcastController.cs” and above Get() method, add this line [Authorize(Roles = "Role1")] and this will enforce the method will be only accessible if JWT token is present in the header and the user for which the token is generated belongs to Role1. you can use [Authorize()] attribute to ensure the user passes JWT token in order to access the method.

 

Testing the Login method issuing tokens

Run the project and you will see an Open API documentation as shown below.

Under Account, click on the “POST /Login” and click try it out in the write. Enter body as shown in figure below and hit execute.

You will see a success response with token and username as shown below.

Next, we want to test the WeatherForecast service that we secure earlier. Scroll down to “WeatherForcast” section in the OpenAPI documentation and click on “GET /WeatherForcast” and click on “Try it out” in the top right of the expanded section and hit execute.

Once you hit execute, you will see following error.

class="post__text">The error says “System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found.” And it means we need some more configuration to make it work.

 

Configure token authentication in ASP.NET Core

The error means ASP.NET Core do not know how to authorize the request since we added authorization attribute in WeatherForcast service.

In order to configure ASP.NET Core to use token authentication as the default authentication scheme and how to validate in coming tokens, add following to your CofigureServices method.

Next, in the Configure method, add app.UseAuthentication(); before app.UseAuthorization(); if not present.

 

Testing weatherForcast service with authentication

Now that we have configured ASP.NET Core to use token authentication, we should be able to use the token issued by Login method to access WeatherForcast.

Since OpenAPI documentation do not support setting up headers, we can use Postman tool to test the same.

You can copy the token received in the login response and use Authorization: Bearer and you will be able to access WeatherForcast service.

Under Account, click on the “POST /Login” and click try it out in the write. Enter body as shown in figure below and hit execute.

 

Using token authentication with ASP.NET Core Identity and Entity Framework Core.

You can extend the code here to use it with ASP.NET Core Identity and Entity Core. Here are reference articles that shows the same.

• https://dotnetdetail.net/asp-net-core-5-web-api-token-based-authentication-example-using-jwt/
• https://www.c-sharpcorner.com/article/authentication-and-authorization-in-asp-net-5-with-jwt-and-swagger/

Conclusion

We just learned how to implement a basic token authentication in .NET 5.0.