Create JSON Web Token (JWT) in .Net Core Web API

Captions
today I will show you how we can generate the JWT token in .NET Core so uh let's get started to create the template so uh I'm you know I'm going to take the dotnet for web API so let's open the command prompt and uh command is dotnet new webapi and we have to give the name of the application of the project so I am taking the JWT token So within a few seconds it will create the template so if I go to the folder you can see this you know has created the project let's open the Microsoft Visual Studio 2019 so that we can write the code so the application has been copied in the Visual Studio go to this Solution Explorer and you can see all the uh class files and the controller so uh by default victim you know it will be better weather forecast controller so uh if I run this project for the application you can see the uh you know the metaphor values in the browser okay you can see that we it created one method which in return will be some you know values so let me uh show you that before you know writing the code for the JWT Wick okay so you can see the service has been started and let proceed to the localhost okay so you can basically open the circle and if I make a call get call then we can see the values okay so you know it's a JSON format and you know it shows all the information like what robot and the response and the response header so the application as of now is running by now we have to write the code for the JWT token basically to return the JWT token and then we will access this method with uh access token or you can say the JWT token so uh uh we need to add some packages so these are the three packages which we need to add from the NuGet package so that our you know you know create a b token will do let's add so the version I'm taking is 5.0 because I'm creating this application in .NET Core go to the Manage NuGet Packages and then go to browse select pgwt there here you can see the uh Microsoft.AspNetCore.Authentication.JwtBearer and the right side you can see the 
version or you are able to select the version so 5.0.17 which we need to select it and install it click OK accept it So within a few seconds it will install this package so let's add the another one that is the Microsoft.IdentityModel.Tokens select the 6.21.0 we can select the latest version of this package but this time selecting the 6.21.0 version let's select the last one okay so it is installed successfully okay select this one 6.21.0 okay okay so all the three packages have been installed you can see all these packages under the dependency package and here you can see the IdentityModel.Tokens and the Tokens.Jwt so close it now we have to write some code in the startup class file so first you know add the packages so not packages is basically the namespace because package we have already installed it and so add the namespace Microsoft.AspNetCore.Authentication.JwtBearer and the next one is the uh our uh Microsoft identity model Dot dot okay now we have to add the authentication method in the uh in the ConfigureServices so let's get this method quickly services.AddAuthentication and we have to take the JwtBearerDefaults for the authentication scheme and then the authentication scheme and then the active options as well a configuration option I will show you how we can edit AWG here and dictate the config option so so when you know us do the dot you can see the TokenValidationParameters so we have to add all the parameters like the issue signing key issue or credit issuer audience so let me show you all the things one by one okay so we need to take the issuer signing key so make it true and then take the validate issuer and then valid audience now we have to assign the issuer signing key and we need to encode our key you need to take the encoding method we need to add the namespace Encoding.UTF8.GetBytes and you can take any string or like basically the basics of security key which we need to 
get so do not give any plain text uh like you can give the base64 uh so but for this demo I am taking anything okay now we have to take the validation okay so valid issuer you can take or give any URL so I am taking https apc.com you can take anything else but whatever you want and then you have to define the valid audience let's copy it and same value okay so we have added the authentication method in the application services let's close everything okay Okay so in the we need to add one more thing in the Configure method basically we need to authenticate our as well so let's add the Authentication UseAuthentication if we don't add this one then it will you know like it will not allow or access the method whether you are passing the correct token as well okay now we have to add so first of all you need to add the folder with the name of models and then add the class file so first of all I am taking the login info so login info basically we will define the property like the username the password and empty another one Okay so they do user details in the user details like the name password and that role of the user that we or like the users are editing users other test users at the last one that is the frequency user data basically we are not matching the data from the database so we will put it the hard-coded data over here in this class file let's define the property in the login info so let me login we have to add the username username and empty the password okay so it's done let's add the user details okay username password and the role of the user and make it very simple so that we can see how we can easily create the JWT token which is basically a for creating the JWT token now add the user data so we have to take the list days two seconds users Capital users blue this is a good case okay user details we have the username let's get the active admin user password value let's take the pass password one three and to find the tool segment so I'm taking the admin 
update Okay so test user and then password one two three four three four and then change it with test so I'm just showing you like how we can create or you know uh passing the hard-coded value you can also pair this information from the database basically in the uh real-time project we find this information from the database so I think we have done so now we only need to create the controller to return the JWT token if the user is the valid user so let's add One controller here I am taking the API controller empty and giving the token controller okay so now add one method over here subject class sorry public IActionResult and taking the login method or it as it is and so first of all we have to validate the user if it is the valid user then we will return the token key where it is to find the validated user okay so we have the user data to match the username and password SingleOrDefault username and then as the password username and then user login so basically we are matching I mean which we are getting from the from the user name equal to username and then do okay if this user is a valid user or you can say this information best then we will return the token and how we can do that when you create user is not equal to null if it is not like then it can be token and we need to find the key first like which we did in the startup class file so we copy this one okay and the namespace now we have to we need to pass the credentials basically uh in the token so getting shares you have to take the signing credentials and what should be the algorithm so I am taking the HMAC 256.
sticker okay in and then we have to define the claims in space clean and okay you have to take the claim types first one I am taking the email identifier for those who don't know like the JWT token consists of three parts header payload enter key or the security key so I'm taking the validated user and then okay let's copy okay and DP claims type your and how we can improve it for the validated user okay so we have defined the claim and now we have to generate the token JWT it's not covering security okay you have to hit the namespace okay and so we have to you know give the audience and then issuer audience and then claim if you can see in the suggestion so first of all give the audience and the issuer so copy it from the right give the same value which you have assigned in the startup file okay and then define the claims now we have to mention like that token how much time the token will be validated whether it's 10 minute 15 minute or 30 minutes so we can define it over here as well date time so I want that token should be validated for 30 minutes after generating last one is we need to define this Sanitation we have already done it so we have this okay I think we have done everything okay so they tell okay because we have to return the IActionResult type okay if it is not a valid user then return not found is user not found so what we have done we as the username password if it is matched then we return the token in the token we you know define the key and then credential which is necessary for you know generating the token and then define the claims and then the last we return the token if it is not a valid user then we are returning the user not found so we it's uh HTTP method so who mention the HttpPost and we can find the activate AllowAnonymous attribute okay so we have done everything now we check whether it's working fine or not oh and here like I showed you that we were able to access this get method uh successfully but now we have the token and I want like 
those users are the valid user can access this method with the token key with the valid token key and how we can do that so I want only the admin user can access this and the admin it remains okay and then you mentioned the Authorize attribute so those are authorized can access this method so as I said like I want only the admin user can access it so mention the admin okay let's build this application and see is building properly or not he will give you some issue okay at least one and delete it again okay now when this application so I will show you through the Postman I am going to open the Postman so that you can pass the valid token while accessing this weather forecast controller okay API token and if I go to the application you can see that we have the token controller and I am calling this method so if you can see that HTTP I am taking the https local 50. API token and I given the username and the password so first of all check this that I am sending you type details or not I'm going to use uh data okay so password one two three four every user let's change this one okay and think everything is fine so let's make a post call okay so I'm getting some as let me take a look okay so I on the issue I miss one thing that we need to return that token so can be over here you have to message in the JwtSecurityTokenHandler and then WriteToken okay save it and then run this application again okay so service has started now make a call again you can see like whether it's working fine or not we got the token and we have to pass this token when you make a call the admin method which we have in the uh weather forecast controller so let's call this one and see like whether the whole token is working fine or not so this is a weather forecast copy this one together forecast and address and we have to pass our token in the bearer token you go to the authorization you can see one option Bearer token and then select it and then 
put this new token put it over here and then make a get call okay so see we get the response successfully now let's check if I change anything in the token then it will work or not so let me change something over here I am replacing e by with some other is it on Word m U okay so here you can see we received the unauthorized because I am passing the invalid token and if I change only the right token again it will work but after 15 minute you have to regenerate it token otherwise you will get unauthorized so that is all for this JWT uh token implementation please like and subscribe the channel thank you so much
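
The token issuing and validation steps described in the captions above, as an added example that is not code from the video. It assumes the System.IdentityModel.Tokens.Jwt and Microsoft.IdentityModel.Tokens packages; the `JwtDemo` class, the placeholder issuer/audience URL and the random key are illustrative assumptions.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

public static class JwtDemo
{
    // Placeholder issuer/audience (assumed); issuing and validating side must agree.
    const string Issuer = "https://issuer.example";
    const string Audience = "https://issuer.example";

    public static string Issue(SymmetricSecurityKey key, string user, string role)
    {
        var claims = new[] { new Claim(ClaimTypes.NameIdentifier, user),
                             new Claim(ClaimTypes.Role, role) };
        var token = new JwtSecurityToken(Issuer, Audience, claims,
            expires: DateTime.UtcNow.AddMinutes(30),   // 30-minute lifetime
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256));
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    public static bool IsValid(SymmetricSecurityKey key, string jwt)
    {
        var p = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true, IssuerSigningKey = key,
            ValidateIssuer = true, ValidIssuer = Issuer,
            ValidateAudience = true, ValidAudience = Audience,
            ValidateLifetime = true
        };
        try { new JwtSecurityTokenHandler().ValidateToken(jwt, p, out _); return true; }
        catch (Exception e) when (e is SecurityTokenException || e is ArgumentException)
        { return false; }   // bad signature, expired, wrong issuer/audience, malformed
    }

    public static void Main()
    {
        // 256-bit random key rather than a plain-text string; a real service
        // would load the key from a secret store shared by issuer and validator.
        var bytes = new byte[32];
        RandomNumberGenerator.Fill(bytes);
        var key = new SymmetricSecurityKey(bytes);

        string jwt = Issue(key, "admin", "admin");     // constructed sample user
        int sig = jwt.LastIndexOf('.') + 1;            // first signature character
        string tampered = jwt.Substring(0, sig) + (jwt[sig] == 'A' ? 'B' : 'A')
                          + jwt.Substring(sig + 1);
        Console.WriteLine($"original: {IsValid(key, jwt)}, tampered: {IsValid(key, tampered)}");
    }
}
```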
Info
Channel: TechHelp
Views: 536
Keywords: jwt, Jason Web Token, authentication, authorization, .net core, dot net core, web api, jwt in .net, authentication in .net Core, authentication and authentication in .net, authentication and authorization in .net Core
Id: 3e3XVsYuInQ
Length: 41min 22sec (2482 seconds)
Published: Sun Feb 05 2023