Add NuGet packages
Microsoft.AspNetCore.Authentication.JwtBearer Microsoft.IdentityModel.Tokens System.IdentityModel.Tokens.Jwt
Add settings in appsettings.json
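// Jwt:Key (the HMAC signing secret) is deliberately NOT stored in appsettings.json: this file is
// normally committed to source control, and anyone who can read the key can mint tokens for any
// user and role. Supply it from outside the repository instead:
//   development: dotnet user-secrets init, then dotnet user-secrets set "Jwt:Key" "<locally generated secret>"
//   deployment:  the Jwt__Key environment variable or a secret store
// Generate the value locally with a cryptographic RNG (for example `openssl rand -base64 32`),
// not from a website, and make it at least 32 bytes long: HS256 needs a key of 256 bits or more,
// and recent Microsoft.IdentityModel.Tokens releases reject shorter keys.
"Jwt": {
  // Project Properties -> Debug -> IIS -> App URL (a localhost URL works as well)
  "Issuer": "http://localhost:28747/",
  "Audience": "http://localhost:28747/"
},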
Register JWT token for Authentication in Program.cs file
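using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using System.Text;

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.
builder.Services.AddControllers();
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();

// Read the signing secret once and fail at startup when it is missing or too short.
// Without this check a missing key only surfaces when the JWT options are first used,
// and a short key weakens every token signature (HS256 needs at least 256 bits).
var jwtKey = builder.Configuration["Jwt:Key"];
if (string.IsNullOrWhiteSpace(jwtKey) || Encoding.UTF8.GetByteCount(jwtKey) < 32)
{
    throw new InvalidOperationException(
        "Jwt:Key is missing or shorter than 32 bytes; configure a randomly generated secret outside source control.");
}

// JWT Authentication: every bearer token must carry the configured issuer and audience,
// be within its lifetime, and be signed with the shared symmetric key.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>
{
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidateAudience = true,
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,
        ValidIssuer = builder.Configuration["Jwt:Issuer"],
        ValidAudience = builder.Configuration["Jwt:Audience"],
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtKey))
    };
});

var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.UseHttpsRedirection();

// Authentication must run before authorization so that [Authorize] sees the validated identity.
app.UseAuthentication();
app.UseAuthorization();

app.MapControllers();

app.Run();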
Create Models (UserLogin, UserModel and UserConstant)
namespace JWTLoginAuthenticationAuthorization.Models
{
    /// <summary>
    /// A user record: login name, password and the role used for authorization.
    /// </summary>
    public class UserModel
    {
        /// <summary>Login name of the user.</summary>
        public string Username { get; set; }

        /// <summary>Password of the user, held as a plain string in this sample model.</summary>
        public string Password { get; set; }

        /// <summary>Role name of the user.</summary>
        public string Role { get; set; }
    }
}
namespace JWTLoginAuthenticationAuthorization.Models
{
    /// <summary>
    /// Credentials submitted by a client: a user name and a password.
    /// </summary>
    public class UserLogin
    {
        /// <summary>Login name supplied by the caller.</summary>
        public string Username { get; set; }

        /// <summary>Password supplied by the caller.</summary>
        public string Password { get; set; }
    }
}
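namespace JWTLoginAuthenticationAuthorization.Models
{
    /// <summary>
    /// In-memory stand-in for a user store; this sample does not read users from a database.
    /// </summary>
    /// <remarks>
    /// The account below is demo data only. A password written in source code is readable by
    /// everyone with access to the repository or the compiled assembly; a real application
    /// stores salted password hashes in a user store and never keeps the plain text.
    /// </remarks>
    public class UserConstants
    {
        // readonly: the list reference cannot be swapped out by other code at runtime.
        // The list contents are still mutable, so treat this as sample data, not as a user store.
        public static readonly List<UserModel> Users = new()
        {
            new UserModel { Username = "naeem", Password = "naeem_admin", Role = "Admin" }
        };
    }
}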
Create LoginAPI Controller (Authenticate user and generate token)
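using JWTLoginAuthenticationAuthorization.Models;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;

namespace JWTLoginAuthenticationAuthorization.Controllers
{
    /// <summary>
    /// Checks submitted credentials against <see cref="UserConstants.Users"/> and, on success,
    /// returns a signed JWT carrying the user's name and role.
    /// </summary>
    [Route("api/[controller]")]
    [ApiController]
    public class LoginController : ControllerBase
    {
        private readonly IConfiguration _config;

        public LoginController(IConfiguration config)
        {
            _config = config;
        }

        /// <summary>
        /// Authenticates the caller and returns a bearer token.
        /// </summary>
        /// <param name="userLogin">User name and password from the request body.</param>
        /// <returns>200 with the token string, or 401 when the credentials do not match.</returns>
        [AllowAnonymous]
        [HttpPost]
        public ActionResult Login([FromBody] UserLogin userLogin)
        {
            var user = Authenticate(userLogin);
            if (user == null)
            {
                // A failed login is an authentication failure (401), not a missing resource (404).
                // The same message is used for an unknown user and a wrong password so the
                // response does not reveal which user names exist.
                return Unauthorized("Invalid username or password");
            }

            return Ok(GenerateToken(user));
        }

        /// <summary>
        /// Builds an HS256-signed JWT for <paramref name="user"/> that expires after 15 minutes.
        /// </summary>
        /// <param name="user">Authenticated user whose name and role become claims.</param>
        /// <returns>The serialized token.</returns>
        private string GenerateToken(UserModel user)
        {
            // The same Jwt:Key signs tokens here and validates them in the JwtBearer setup,
            // so whoever holds it can forge tokens; keep it out of source control.
            var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
            var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);

            var claims = new[]
            {
                new Claim(ClaimTypes.NameIdentifier, user.Username),
                new Claim(ClaimTypes.Role, user.Role)
            };

            var token = new JwtSecurityToken(
                _config["Jwt:Issuer"],
                _config["Jwt:Audience"],
                claims,
                // UTC avoids any dependence on the server's local time zone.
                expires: DateTime.UtcNow.AddMinutes(15),
                signingCredentials: credentials);

            return new JwtSecurityTokenHandler().WriteToken(token);
        }

        /// <summary>
        /// Looks up the user whose name (case-insensitive) and password match the request.
        /// </summary>
        /// <param name="userLogin">Credentials from the request; may be incomplete.</param>
        /// <returns>The matching user, or <c>null</c> when nothing matches.</returns>
        private UserModel Authenticate(UserLogin userLogin)
        {
            // A body such as {} leaves the properties null; treat that as a failed login
            // instead of letting a NullReferenceException turn into a 500.
            if (userLogin == null || string.IsNullOrEmpty(userLogin.Username) || userLogin.Password == null)
            {
                return null;
            }

            var suppliedPassword = Encoding.UTF8.GetBytes(userLogin.Password);

            // Ordinal comparison keeps user-name matching independent of the server culture.
            // FixedTimeEquals compares equal-length inputs without an early exit on the first
            // differing byte. The sample still keeps plain-text passwords; a real store
            // verifies a salted password hash instead.
            return UserConstants.Users.FirstOrDefault(x =>
                string.Equals(x.Username, userLogin.Username, StringComparison.OrdinalIgnoreCase)
                && x.Password != null
                && CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(x.Password), suppliedPassword));
        }
    }
}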
Create User API Controller to authorize user role
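using JWTLoginAuthenticationAuthorization.Models;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System.Security.Claims;

namespace JWTLoginAuthenticationAuthorization.Controllers
{
    /// <summary>
    /// Endpoints that require a validated bearer token with a specific role.
    /// </summary>
    [Route("api/[controller]")]
    [ApiController]
    public class UserController : ControllerBase
    {
        /// <summary>
        /// Admin-only endpoint; the role check is enforced by the <c>[Authorize]</c> attribute.
        /// </summary>
        /// <returns>200 with a greeting naming the caller's role, or 401 when no claims identity is present.</returns>
        [HttpGet]
        [Route("Admins")]
        [Authorize(Roles = "Admin")]
        public IActionResult AdminEndPoint()
        {
            var currentUser = GetCurrentUser();
            if (currentUser == null)
            {
                // GetCurrentUser returns null when the identity is not a ClaimsIdentity;
                // answer 401 rather than dereferencing null.
                return Unauthorized();
            }

            return Ok($"Hi you are an {currentUser.Role}");
        }

        /// <summary>
        /// Builds a <see cref="UserModel"/> from the name-identifier and role claims of the current request.
        /// </summary>
        /// <returns>The user, with null fields for absent claims, or <c>null</c> without a claims identity.</returns>
        private UserModel GetCurrentUser()
        {
            if (HttpContext.User.Identity is not ClaimsIdentity identity)
            {
                return null;
            }

            var userClaims = identity.Claims;
            return new UserModel
            {
                Username = userClaims.FirstOrDefault(x => x.Type == ClaimTypes.NameIdentifier)?.Value,
                Role = userClaims.FirstOrDefault(x => x.Type == ClaimTypes.Role)?.Value
            };
        }
    }
}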
References
https://www.c-sharpcorner.com/article/jwt-token-creation-authentication-and-authorization-in-asp-net-core-6-0-with-po/
https://www.youtube.com/watch?v=UwruwHl3BlU
https://www.youtube.com/watch?v=6sMPvucWNRE