In this article, I’m going to show you how to implement token authentication in ASP.NET Core 5.0 Web API using JWT. I will create ASP.NET Web API project and show you step by step how to generate JWT token and use it for authentication and authorization.
In this article, I’m going to show you how to implement token authentication in ASP.NET Core 5.0 Web API using JWT. I will create ASP.NET Web API project and show you step by step how to generate JWT token and use it for authentication and authorization.
Open visual studio 2019 community and click on “create a new project” and select “ASP.NET Core Web API” project and click next.
In the “configure your new project”, enter name, location, and solution name of your project and click next.
In the “Additional information” step, choose “.NET 5.0 in “Target Framework” dropdown, None in “Authentication Type” and click on create
Run your application once and copy the url of your application. That will be used for JwtIssuer value in app settings. Open appsettings.json and add following configurations at the end of file:
Add new empty controller in the “Controllers” folder of your project and name it AccountController and add following code into it.
Gain insights into asp.net core jwt authentication, open “WeatherForcastController.cs” and above Get() method, add this line [Authorize(Roles = "Role1")] and this will enforce the method will be only accessible if JWT token is present in the header and the user for which the token is generated belongs to Role1. you can use [Authorize()] attribute to ensure the user passes JWT token in order to access the method.
Run the project and you will see an Open API documentation as shown below.
Under Account, click on the “POST /Login” and click try it out in the write. Enter body as shown in figure below and hit execute.
You will see a success response with token and username as shown below.
Next, we want to test the WeatherForecast service that we secure earlier. Scroll down to “WeatherForcast” section in the OpenAPI documentation and click on “GET /WeatherForcast” and click on “Try it out” in the top right of the expanded section and hit execute.
Once you hit execute, you will see following error.
class="post__text">The error says “System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found.” And it means we need some more configuration to make it work.
The error means ASP.NET Core do not know how to authorize the request since we added authorization attribute in WeatherForcast service.
In order to configure ASP.NET Core to use token authentication as the default authentication scheme and how to validate in coming tokens, add following to your CofigureServices method.
Next, in the Configure method, add app.UseAuthentication(); before app.UseAuthorization(); if not present.
Now that we have configured ASP.NET Core to use token authentication, we should be able to use the token issued by Login method to access WeatherForcast.
Since OpenAPI documentation do not support setting up headers, we can use Postman tool to test the same.
You can copy the token received in the login response and use Authorization: Bearer and you will be able to access WeatherForcast service.
Under Account, click on the “POST /Login” and click try it out in the write. Enter body as shown in figure below and hit execute.
You can extend the code here to use it with ASP.NET Core Identity and Entity Core. Here are reference articles that shows the same.
We just learned how to implement a basic token authentication / asp net core jwt authentication in .NET 5.0.
Prashant Lakhlani Lead Architect, Facile Technolab Monday, April 5, 2021
Subscribe to Facile Technolab's monthly newsletter to receive updates on our latest news, offers, promotions, resources, source code, jobs and other exciting updates.
