web api jwt token based authentication example c# step by step
Example 1: c# asp.net mvc core implementing jwt
private string GenerateJSONWebToken(UserModel userInfo)
{
var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
var claims = new[] {
new Claim(JwtRegisteredClaimNames.Sub, userInfo.Username),
new Claim(JwtRegisteredClaimNames.Email, userInfo.EmailAddress),
new Claim("DateOfJoing", userInfo.DateOfJoing.ToString("yyyy-MM-dd")),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
};
var token = new JwtSecurityToken(_config["Jwt:Issuer"],
_config["Jwt:Issuer"],
claims,
expires: DateTime.Now.AddMinutes(120),
signingCredentials: credentials);
return new JwtSecurityTokenHandler().WriteToken(token);
}
Example 2: jwt authentication filter c#
using System;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http.Filters;
namespace myspace.filters
{
public class JwtAuthenticationAttribute : Attribute, IAuthenticationFilter
{
private ILog log = LogFactory.GetLogger("JwtAuthValidationLogs");
public string Realm { get; set; }
public bool AllowMultiple => false;
public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
log.Info("Authenticating JWT");
var request = context.Request;
var authorization = request.Headers.Authorization;
if (authorization == null || authorization.Scheme != "Bearer")
{
context.ErrorResult = new AuthenticationFailureResult("Missing Jwt Token", request);
return;
}
if (string.IsNullOrEmpty(authorization.Parameter))
{
context.ErrorResult = new AuthenticationFailureResult("Missing Jwt Token", request);
return;
}
var token = authorization.Parameter;
try
{
IPrincipal principal = await SecurityUtils.validateToken(token);
if (principal == null)
{
context.ErrorResult = new AuthenticationFailureResult("Invalid token", request);
}
else
{
context.Principal = principal;
}
}
catch (Exception ex)
{
log.Error("Exception occured Validating Jwt Token "+ ex.Message + " Inner Exception : " + ex.InnerException);
context.ErrorResult = new AuthenticationFailureResult("Invalid token", request);
}
}
public Task ChallengeAsync(HttpAuthenticationChallengeContext context, CancellationToken cancellationToken)
{
return Task.FromResult(0);
}
}
}