❔ Implement JWT to my WebAPI .NET 7.0 project - First time

uselessxp · 2023-04-07T14:51:42.700Z

guys I'd like to implement JWT into my WebAPI project, theory seems to be simple but I'm unable to implement it in my .NET 7.0 project, someone could help me or link me a reliable guide? I'm reading different but each of theme have differences in some points

L

lvasconcellos•4/7/23, 2:59 PM

Hi

L

lvasconcellos•4/7/23, 3:00 PM

Do you have something coded already?

Llvasconcellos Do you have something coded already?

U

uselessxpOP•4/7/23, 3:19 PM

yeah, I added some code to my

Program.cs

Program.cs

Below the code I added for now:

using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

// Configure JWT authentication
builder.Services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = false, // I put false cause I don't have a domain, am I wrong?
        ValidateAudience = false, // I put false cause I don't have a domain, am I wrong?
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,
        ValidIssuer = configuration["Jwt:Issuer"],
        ValidAudience = configuration["Jwt:Audience"],
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(configuration["Jwt:Key"]))
    };
});

// Enable authentication middleware
app.UseAuthentication();

using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

// Configure JWT authentication
builder.Services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = false, // I put false cause I don't have a domain, am I wrong?
        ValidateAudience = false, // I put false cause I don't have a domain, am I wrong?
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,
        ValidIssuer = configuration["Jwt:Issuer"],
        ValidAudience = configuration["Jwt:Audience"],
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(configuration["Jwt:Key"]))
    };
});

// Enable authentication middleware
app.UseAuthentication();

using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

// Configure JWT authentication
builder.Services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = false, // I put false cause I don't have a domain, am I wrong?
        ValidateAudience = false, // I put false cause I don't have a domain, am I wrong?
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,
        ValidIssuer = configuration["Jwt:Issuer"],
        ValidAudience = configuration["Jwt:Audience"],
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(configuration["Jwt:Key"]))
    };
});

// Enable authentication middleware
app.UseAuthentication();

using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

// Configure JWT authentication
builder.Services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = false, // I put false cause I don't have a domain, am I wrong?
        ValidateAudience = false, // I put false cause I don't have a domain, am I wrong?
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,
        ValidIssuer = configuration["Jwt:Issuer"],
        ValidAudience = configuration["Jwt:Audience"],
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(configuration["Jwt:Key"]))
    };
});

// Enable authentication middleware
app.UseAuthentication();

U

uselessxpOP•4/7/23, 3:41 PM

I'm really confused about next steps as every guide show different things to do

U

uselessxpOP•4/7/23, 4:28 PM

now I added this in my

appsettings.json

appsettings.json

"Jwt": {
  "Key": "mySecretKey123",
  "Issuer": "myIssuer",
  "Audience": "myAudience"
},

"Jwt": {
  "Key": "mySecretKey123",
  "Issuer": "myIssuer",
  "Audience": "myAudience"
},

"Jwt": {
  "Key": "mySecretKey123",
  "Issuer": "myIssuer",
  "Audience": "myAudience"
},

"Jwt": {
  "Key": "mySecretKey123",
  "Issuer": "myIssuer",
  "Audience": "myAudience"
},

L

lvasconcellos•4/7/23, 5:49 PM

The settings looks okay

L

lvasconcellos•4/7/23, 5:50 PM

Now you need the code to generate the token

Llvasconcellos Now you need the code to generate the token

U

uselessxpOP•4/7/23, 6:53 PM

Well, now I created a

Post

Post

Post

Post method for

login

login

login

login in one of my controllers, I don't know if I have to create a custom class for this, or what, maybe yes, I guess something like

Auth

Auth

Auth

Auth controller with this

Post

Post

Post

Post method, I wait confirmation.

For the moment I pasted this code in one of my existing controllers for try it:

[HttpPost("login")]
public IActionResult Login([FromBody] LoginRequest login)
{
    if (login == null)
    {
        return BadRequest("Invalid client request");
    }

    // temporary fake login
    if (login.Username == "TestUser" && login.Password == "TestPwd")
    {
        var tokenHandler = new JwtSecurityTokenHandler();
        var key = Encoding.ASCII.GetBytes(_config["Jwt:Key"]);
        var tokenDescriptor = new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(new Claim[]
            {
        new Claim(ClaimTypes.Name, login.Username)
            }),
            Expires = DateTime.UtcNow.AddMinutes(30),
            SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
        };
        var token = tokenHandler.CreateToken(tokenDescriptor);
        var tokenString = tokenHandler.WriteToken(token);

        return Ok(new { Token = tokenString });
    }
    else
    {
        return Unauthorized();
    }
}

private string GenerateJwtToken(string username)
{
    return "sample_token";
}

public class LoginRequest
{
    public string Username { get; set; }
    public string Password { get; set; }
}

[HttpPost("login")]
public IActionResult Login([FromBody] LoginRequest login)
{
    if (login == null)
    {
        return BadRequest("Invalid client request");
    }

    // temporary fake login
    if (login.Username == "TestUser" && login.Password == "TestPwd")
    {
        var tokenHandler = new JwtSecurityTokenHandler();
        var key = Encoding.ASCII.GetBytes(_config["Jwt:Key"]);
        var tokenDescriptor = new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(new Claim[]
            {
        new Claim(ClaimTypes.Name, login.Username)
            }),
            Expires = DateTime.UtcNow.AddMinutes(30),
            SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
        };
        var token = tokenHandler.CreateToken(tokenDescriptor);
        var tokenString = tokenHandler.WriteToken(token);

        return Ok(new { Token = tokenString });
    }
    else
    {
        return Unauthorized();
    }
}

private string GenerateJwtToken(string username)
{
    return "sample_token";
}

public class LoginRequest
{
    public string Username { get; set; }
    public string Password { get; set; }
}

[HttpPost("login")]
public IActionResult Login([FromBody] LoginRequest login)
{
    if (login == null)
    {
        return BadRequest("Invalid client request");
    }

    // temporary fake login
    if (login.Username == "TestUser" && login.Password == "TestPwd")
    {
        var tokenHandler = new JwtSecurityTokenHandler();
        var key = Encoding.ASCII.GetBytes(_config["Jwt:Key"]);
        var tokenDescriptor = new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(new Claim[]
            {
        new Claim(ClaimTypes.Name, login.Username)
            }),
            Expires = DateTime.UtcNow.AddMinutes(30),
            SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
        };
        var token = tokenHandler.CreateToken(tokenDescriptor);
        var tokenString = tokenHandler.WriteToken(token);

        return Ok(new { Token = tokenString });
    }
    else
    {
        return Unauthorized();
    }
}

private string GenerateJwtToken(string username)
{
    return "sample_token";
}

public class LoginRequest
{
    public string Username { get; set; }
    public string Password { get; set; }
}

[HttpPost("login")]
public IActionResult Login([FromBody] LoginRequest login)
{
    if (login == null)
    {
        return BadRequest("Invalid client request");
    }

    // temporary fake login
    if (login.Username == "TestUser" && login.Password == "TestPwd")
    {
        var tokenHandler = new JwtSecurityTokenHandler();
        var key = Encoding.ASCII.GetBytes(_config["Jwt:Key"]);
        var tokenDescriptor = new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(new Claim[]
            {
        new Claim(ClaimTypes.Name, login.Username)
            }),
            Expires = DateTime.UtcNow.AddMinutes(30),
            SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
        };
        var token = tokenHandler.CreateToken(tokenDescriptor);
        var tokenString = tokenHandler.WriteToken(token);

        return Ok(new { Token = tokenString });
    }
    else
    {
        return Unauthorized();
    }
}

private string GenerateJwtToken(string username)
{
    return "sample_token";
}

public class LoginRequest
{
    public string Username { get; set; }
    public string Password { get; set; }
}

I found this code on web, and I adapted it by changing the login system, and creating a fake login for now.
It seems all clear, only I don't understand the

GenerateJwtToken

GenerateJwtToken

GenerateJwtToken

GenerateJwtToken method, if I'm not wrong it's never called.

Forgot to say that's before the

GenerateJwpToken

GenerateJwpToken

GenerateJwpToken

GenerateJwpToken method snippet, is written that I have to implement JWT token logic without further explainations.

A

Accord•4/8/23, 7:12 PM

Was this issue resolved? If so, run

/close

/close

otherwise I will mark this as stale and this post will be archived until there is new activity.

❔ Implement JWT to my WebAPI .NET 7.0 project - First time

Similar Threads

Similar Threads

Similar Threads