AspNetCore.Security.Jwt
1.0.0
See the version list below for details.
dotnet add package AspNetCore.Security.Jwt --version 1.0.0
NuGet\Install-Package AspNetCore.Security.Jwt -Version 1.0.0
<PackageReference Include="AspNetCore.Security.Jwt" Version="1.0.0" />
paket add AspNetCore.Security.Jwt --version 1.0.0
#r "nuget: AspNetCore.Security.Jwt, 1.0.0"
// Install AspNetCore.Security.Jwt as a Cake Addin #addin nuget:?package=AspNetCore.Security.Jwt&version=1.0.0 // Install AspNetCore.Security.Jwt as a Cake Tool #tool nuget:?package=AspNetCore.Security.Jwt&version=1.0.0
AspNetCore.Security.Jwt
Asp Net Core Jwt Bearer Token Security package.
The package:
Makes adding Jwt Bearer Token Security to your ASP NET Core 2.0 app a breeze!!
Even gives you an out of the box TokenController to issue Jwt tokens.
And integrates the TokenContoller into your app automatically.
Also, Swagger UI integration!
Add a reference to the package and...
Implement IAuthentication interface in your app
Validate the Id and Password here.
The IdType supported so far are Name, Email.
After this validation, the Jwt token is issued by the TokenController.
using AspNetCore.Security.Jwt;
using System.Threading.Tasks;
namespace XXX.API
{
public class Authenticator : IAuthentication
{
public async Task<bool> IsValidUser(string id, string password)
{
//Put your id authenication here.
return true;
}
}
}
In your Startup.cs
using AspNetCore.Security.Jwt;
using Swashbuckle.AspNetCore.Swagger;
public void ConfigureServices(IServiceCollection services)
{
.
.
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info { Title = "XXX API", Version = "v1" });
});
services.AddSecurity<Authenticator>(this.Configuration, true);
services.AddMvc().AddSecurity();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
.
.
.
// Enable middleware to serve swagger-ui (HTML, JS, CSS, etc.),
// specifying the Swagger JSON endpoint.
app.UseSwaggerUI(c =>
{
c.SwaggerEndpoint("/swagger/v1/swagger.json", "XXX API V1");
});
app.UseSecurity(true);
app.UseMvc();
}
In your appsettings.json
{
"SecuritySettings": {
"Secret": "a secret that needs to be at least 16 characters long",
"Issuer": "your app",
"Audience": "the client of your app",
"IdType": "Name",
"TokenExpiryInHours" : 2
},
.
.
.
}
In your Controller that you want to secure
You must mark the Controller or Action that you want to secure with Authorize attribute like:
using Microsoft.AspNetCore.Mvc;
.
.
.
namespace XXX.API.Controllers
{
using Microsoft.AspNetCore.Authorization;
[Authorize]
[Route("api/[controller]")]
public class XXXController : Controller
{
.
.
.
}
}
TokenController - Issues the Jwt token
The TokenContoller has a POST Method which you can call with a Id and Password.
The Id has to match the specified IdType.
The POST in Postman is like below:
See: https://github.com/VeritasSoftware/AspNetCore.Security.Jwt/blob/master/TokenRequest.jpg
A Jwt Bearer token is then issued which must be sent in subsequent requests in the header.
Access your secure Controller or Action
You have to send the issued Jwt token in the header of the request as
Authorization: Bearer <token>
Eg.
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiU2hhbiIsImV4cCI6MTU0MjUxMTkzOSwibmJmIjoxNTQwMDkyNzM5LCJpc3MiOiJ5b3VyIGFwcCIsImF1ZCI6InRoZSBjbGllbnQgb2YgeW91ciBhcHAifQ.VktS3XGD-Z3-wNuXl4IuLLJXe9OUNK5RZ8o-9eUUVuE
to access the Controller or Action.
This is like below in Postman:
See: https://github.com/VeritasSoftware/AspNetCore.Security.Jwt/blob/master/AuthorizationHeader.jpg
In Angular 2+ app, you can do this using HttpInterceptors.
Swagger UI integration
When you start Swagger you will see a Token endpoint automatically.
Also, you will see an Authorize button.
See: https://github.com/VeritasSoftware/AspNetCore.Security.Jwt/blob/master/SwaggerIntegration.jpg
You obtain the Jwt token by entering your Id and Password on the Token endpoint.
Then you enter the token into the Value field after clicking on the Authorize button as
See: https://github.com/VeritasSoftware/AspNetCore.Security.Jwt/blob/master/AvailableAuthorizations.jpg
Then, you can make calls to all secured endpoints (marked with Authorize attribute).
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
.NET Core | netcoreapp2.0 is compatible. netcoreapp2.1 was computed. netcoreapp2.2 was computed. netcoreapp3.0 was computed. netcoreapp3.1 was computed. |
-
.NETCoreApp 2.0
- Microsoft.AspNetCore.Authentication.JwtBearer (>= 2.0.0)
- Microsoft.AspNetCore.Mvc (>= 2.0.0)
- Microsoft.Extensions.Configuration (>= 2.0.0)
- Microsoft.Extensions.Configuration.Binder (>= 2.0.0)
- Swashbuckle.AspNetCore (>= 3.0.0)
- System.IdentityModel.Tokens.Jwt (>= 5.3.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.