Setting up an ASP.NET Core API for JwtBearer authentication
In your Startup.cs, register authentication in ConfigureServices as shown below. Make sure you do it after services.AddMvc.

    using System.Text;
    using Microsoft.AspNetCore.Authentication.JwtBearer;
    using Microsoft.IdentityModel.Tokens;

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();

        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(options =>
        {
            // Allows metadata to be fetched over plain HTTP; keep this off only in development.
            options.RequireHttpsMetadata = false;
            options.SaveToken = true;
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                // SymmetricSecurityKey takes the key as bytes, not as a string.
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("your Secret")),
                // With these two settings the iss and aud claims are not checked.
                ValidateIssuer = false,
                ValidateAudience = false
            };
        });

        // If you want policies, register them like below.
        services.AddAuthorization(options =>
        {
            options.AddPolicy(PolicyConstants.RequireAdministratorRole,
                policy => policy.RequireRole(RoleConstants.Administrator));
            options.AddPolicy(PolicyConstants.RequireUserRole,
                policy => policy.RequireRole(RoleConstants.Administrator, RoleConstants.User));
        });
    }

Now, under Configure, add the authentication middleware to the request pipeline like below.

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory,
        DatabaseContext context, IPasswordHasher passwordHasher)
    {
        ...
        app.UseAuthentication();
        app.UseStaticFiles();
        ...
    }

You can protect controller actions with the policies, like below.

    using Microsoft.AspNetCore.Authorization;
    using Microsoft.AspNetCore.Mvc;

    public class MyController : Controller
    {
        private readonly IMediator _mediator;
        private readonly ICurrentUserAccessor _currentUserAccessor;

        public MyController(IMediator mediator, ICurrentUserAccessor currentUserAccessor)
        {
            _mediator = mediator;
            _currentUserAccessor = currentUserAccessor;
        }

        // Callable by users in the Administrator or User role.
        [HttpGet]
        [Authorize(Policy = PolicyConstants.RequireUserRole)]
        public async Task<List<DataItem>> Method1(List.Query query)
        {
            // some code
        }

        // Callable only by users in the Administrator role.
        [Authorize(Policy = PolicyConstants.RequireAdministratorRole)]
        [HttpGet("Method2")]
        public async Task<PagedResult<List.DataItem, Item>> Method2(List.Query query)
        {
            // some code
        }
    }

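To see what the TokenValidationParameters registered in ConfigureServices actually check, the console program below (an added example, not code from the original post) issues HS256 tokens and validates them once with the post's settings and once with issuer and audience validation turned on. The secret, the issuer and audience values, and the role name "Administrator" (assumed to be the value of RoleConstants.Administrator) are constructed for the example.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public static class JwtValidationDemo
{
    // Constructed sample secret; a real one is long, random and loaded from configuration.
    static readonly SymmetricSecurityKey Key = new SymmetricSecurityKey(
        Encoding.UTF8.GetBytes("constructed-demo-secret-at-least-32-bytes-long"));

    static string Issue(string issuer, string audience, string role)
    {
        var token = new JwtSecurityToken(
            issuer: issuer,
            audience: audience,
            claims: new[] { new Claim(ClaimTypes.Role, role) },
            expires: DateTime.UtcNow.AddMinutes(5),
            signingCredentials: new SigningCredentials(Key, SecurityAlgorithms.HmacSha256));
        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    static string Check(string jwt, TokenValidationParameters p)
    {
        try
        {
            var user = new JwtSecurityTokenHandler().ValidateToken(jwt, p, out _);
            return "accepted, Administrator=" + user.IsInRole("Administrator");
        }
        catch (SecurityTokenException ex) { return "rejected: " + ex.GetType().Name; }
    }

    public static void Main()
    {
        // Settings as in the post: only the signature and the lifetime are validated.
        var asInPost = new TokenValidationParameters {
            ValidateIssuerSigningKey = true, IssuerSigningKey = Key,
            ValidateIssuer = false, ValidateAudience = false };
        // Stricter variant: the token must also name this issuer and this API.
        var strict = new TokenValidationParameters {
            ValidateIssuerSigningKey = true, IssuerSigningKey = Key,
            ValidateIssuer = true, ValidIssuer = "https://issuer.example",
            ValidateAudience = true, ValidAudience = "my-api" };
        var own = Issue("https://issuer.example", "my-api", "Administrator");
        var other = Issue("https://other.example", "other-api", "Administrator");
        Console.WriteLine("post settings, other service's token: " + Check(other, asInPost));
        Console.WriteLine("strict, other service's token:        " + Check(other, strict));
        Console.WriteLine("strict, own token:                    " + Check(own, strict));
    }
}
```

The second token stands for one minted for a different service that shares the same signing secret, which is the case issuer and audience validation exists to separate.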
Happy coding