
Setting up an ASP.NET Core API for JwtBearer authentication

In your Startup.cs, register authentication under ConfigureServices as shown below; make sure you do it after services.AddMvc.

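/// <summary>
/// Registers MVC, JWT bearer authentication and the role-based authorization policies
/// that controllers reference through <c>[Authorize(Policy = ...)]</c>.
/// </summary>
/// <param name="services">The application's service collection.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();

    // SymmetricSecurityKey has no string constructor; it takes the raw key bytes.
    // "your Secret" is only a placeholder: load the real key from configuration or a
    // secret store rather than committing it, and note that recent Microsoft.IdentityModel
    // versions reject HS256 keys shorter than 128 bits (16 bytes).
    var signingKey = new SymmetricSecurityKey(
        System.Text.Encoding.UTF8.GetBytes("your Secret"));

    services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(options =>
        {
            // false lets the handler fetch authority metadata over plain HTTP, which is
            // only acceptable for local development; keep the default (true) anywhere else.
            options.RequireHttpsMetadata = false;
            // Keeps the validated bearer token in the authentication properties so later
            // code in the request can read it back.
            options.SaveToken = true;
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = signingKey,
                // With these two off, any token signed with the key is accepted regardless
                // of who issued it or which service it was minted for. Set ValidIssuer /
                // ValidAudience and turn the checks on once the issuer is known.
                ValidateIssuer = false,
                ValidateAudience = false,
                // Expired tokens are rejected; this is the default, stated explicitly.
                ValidateLifetime = true
            };
        });

    // Optional: named policies that controllers can reference via [Authorize(Policy = ...)].
    services.AddAuthorization(options =>
    {
        options.AddPolicy(PolicyConstants.RequireAdministratorRole,
            policy => policy.RequireRole(RoleConstants.Administrator));
        // Administrators also satisfy the user-level policy.
        options.AddPolicy(PolicyConstants.RequireUserRole,
            policy => policy.RequireRole(RoleConstants.Administrator, RoleConstants.User));
    });
}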

Now, under Configure, add the authentication middleware to the request pipeline as shown below.

/// <summary>
/// Builds the request pipeline. Only the middleware relevant to authentication is shown;
/// the elided parts are marked with "...".
/// </summary>
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory, DatabaseContext context, IPasswordHasher passwordHasher)
{
 ...
 // Populates HttpContext.User from the bearer token. It must run before any middleware
 // that reads the user (MVC with its [Authorize] filters), otherwise protected endpoints
 // see an unauthenticated caller on every request.
 app.UseAuthentication();
 // Static files are served without any authorization check; authentication running
 // first does not restrict them.
 app.UseStaticFiles();
 ...
}

You can protect controller actions with those policies, as shown below.

/// <summary>
/// Example controller whose actions are gated by the named authorization policies
/// registered in ConfigureServices. The <c>: base(...)</c> call implies a base controller
/// type that is not shown here.
/// </summary>
public class MyController 
    {
        private readonly IMediator _mediator;
        private readonly ICurrentUserAccessor _currentUserAccessor;
        // NOTE(review): the same two dependencies are handed to the base constructor, so the
        // base type presumably keeps them as well — confirm whether these fields are needed.
        public MyController(IMediator mediator, ICurrentUserAccessor currentUserAccessor) : base(mediator, currentUserAccessor)
        {
            _mediator = mediator;
            _currentUserAccessor = currentUserAccessor;
        }

       
        /// <summary>
        /// GET on the controller's route. Requires the RequireUserRole policy, i.e. a token
        /// carrying the Administrator or User role.
        /// </summary>
        [HttpGet]
        [Authorize(Policy = PolicyConstants.RequireUserRole)]
        public async Task<List<DataItem>> Method1(List.Query query)
        {
            // some code
        }

        /// <summary>
        /// GET .../Method2. Requires the RequireAdministratorRole policy; an authenticated
        /// caller holding only the User role is forbidden rather than challenged.
        /// </summary>
        [Authorize(Policy = PolicyConstants.RequireAdministratorRole)]
        [HttpGet("Method2")]
        public async Task<PagedResult<List.DataItem, Item>> Method2(List.Query query)
        {
            // some code
        }
        
    }

Happy coding

 

 
