JWT (JSON Web Token) is a secure, compact means of transmitting identity information between parties as a JSON object, often used for stateless authentication in APIs.<\/p>\n\n\n\n
dotnet new webapi -n JwtAuthDemo\ncd JwtAuthDemo<\/code><\/pre>\n\n\n\n2. Add NuGet Package<\/h3>\n\n\n\n
You may not need to install anything manually since .NET 8 includes JWT libraries, but just in case:<\/p>\n\n\n\n
dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer<\/code><\/pre>\n\n\n\n3. Configure JWT in appsettings.json<\/strong><\/p>\n\n\n\n{\n \"Jwt\": {\n \"Key\": \"ThisIsASecretKeyForJWTDoNotShare\", \n \"Issuer\": \"JwtAuthDemo\",\n \"Audience\": \"JwtAuthDemoClient\",\n \"ExpiresInMinutes\": 60\n },\n \"Logging\": {\n \"LogLevel\": {\n \"Default\": \"Information\",\n \"Microsoft.AspNetCore\": \"Warning\"\n }\n },\n \"AllowedHosts\": \"*\"\n}<\/code><\/pre>\n\n\n\n4. Create a JWT Token Service<\/h3>\n\n\n\n
Create Services\/JwtTokenService.cs<\/a>:<\/p>\n\n\n\nusing System.IdentityModel.Tokens.Jwt;\nusing System.Security.Claims;\nusing System.Text;\nusing Microsoft.Extensions.Options;\nusing Microsoft.IdentityModel.Tokens;\n\npublic class JwtTokenService\n{\n private readonly IConfiguration _configuration;\n\n public JwtTokenService(IConfiguration configuration)\n {\n _configuration = configuration;\n }\n\n public string GenerateToken(string username)\n {\n var key = Encoding.UTF8.GetBytes(_configuration[\"Jwt:Key\"]);\n var issuer = _configuration[\"Jwt:Issuer\"];\n var audience = _configuration[\"Jwt:Audience\"];\n var expires = DateTime.UtcNow.AddMinutes(double.Parse(_configuration[\"Jwt:ExpiresInMinutes\"]));\n\n var claims = new[]\n {\n new Claim(JwtRegisteredClaimNames.Sub, username),\n new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())\n };\n\n var token = new JwtSecurityToken(\n issuer: issuer,\n audience: audience,\n claims: claims,\n expires: expires,\n signingCredentials: new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256)\n );\n\n return new JwtSecurityTokenHandler().WriteToken(token);\n }\n}<\/code><\/pre>\n\n\n\n5. Register JWT Authentication in Program.cs<\/a><\/h3>\n\n\n\nvar builder = WebApplication.CreateBuilder(args);\n\nbuilder.Services.AddControllers();\nbuilder.Services.AddEndpointsApiExplorer();\nbuilder.Services.AddSwaggerGen();\n\n\/\/ Register JWT service\nbuilder.Services.AddSingleton<JwtTokenService>();\n\n\/\/ Add JWT Authentication\nbuilder.Services.AddAuthentication(\"Bearer\")\n .AddJwtBearer(\"Bearer\", options =>\n {\n var jwt = builder.Configuration.GetSection(\"Jwt\");\n options.TokenValidationParameters = new TokenValidationParameters\n {\n ValidateIssuer = true,\n ValidateAudience = true,\n ValidateLifetime = true,\n ValidateIssuerSigningKey = true,\n ValidIssuer = jwt[\"Issuer\"],\n ValidAudience = jwt[\"Audience\"],\n IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwt[\"Key\"]))\n };\n });\n\nbuilder.Services.AddAuthorization();\n\nvar app = builder.Build();\n\napp.UseHttpsRedirection();\n\napp.UseAuthentication(); \/\/ \ud83d\udd10 Must be before UseAuthorization\napp.UseAuthorization();\n\napp.MapControllers();\n\napp.Run();<\/code><\/pre>\n\n\n\n6. Create an Authentication Controller<\/h3>\n\n\n\n
Create Controllers\/AuthController.cs:<\/p>\n\n\n\n
using Microsoft.AspNetCore.Mvc;\n\n[ApiController]\n[Route(\"api\/[controller]\")]\npublic class AuthController : ControllerBase\n{\n private readonly JwtTokenService _jwtService;\n\n public AuthController(JwtTokenService jwtService)\n {\n _jwtService = jwtService;\n }\n\n [HttpPost(\"login\")]\n public IActionResult Login([FromBody] LoginRequest login)\n {\n if (login.Username == \"admin\" && login.Password == \"password\")\n {\n var token = _jwtService.GenerateToken(login.Username);\n return Ok(new { token });\n }\n\n return Unauthorized(\"Invalid credentials\");\n }\n}\n\npublic record LoginRequest(string Username, string Password);<\/code><\/pre>\n\n\n\n7. Secure an API Endpoint<\/h3>\n\n\n\n