.net core JWT API impliemntation at client side

Question

0.00/5 (No votes)

See more:

as I am new to the .Net Core, I am facing the following issue

I have Authentication_API that returns JWT Token to the login controller at client side. After successfull login, I want to redirect to Home page. But when I use [Autherize] attribute to the controller it is not working. But without [Autherize] attribute it is displaying the home page.

Please help me how to solve this issue.
I think I am not saving the token in the header.

I was referencing the below API for JWT ,
http://jasonwatmore.com/post/2019/01/08/aspnet-core-22-role-based-authorization-tutorial-with-example-api

Here is my token generator

var tokenHandler = new JwtSecurityTokenHandler();
                   var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
                   var tokenDescriptor = new SecurityTokenDescriptor
                   {
                       Subject = new ClaimsIdentity(new Claim[]
                       {
                               new Claim(ClaimTypes.Name, user.UserId.ToString()),
                               new Claim(ClaimTypes.Role,user.Role.RoleNameE.ToString())
                       }),
                       Expires = DateTime.UtcNow.AddDays(7),
                       SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
                   };
                   var token = tokenHandler.CreateToken(tokenDescriptor);
                   var tokenString = tokenHandler.WriteToken(token);

After this point, I want to redirect to Home page

this is my Startup page

public void ConfigureServices(IServiceCollection services)
        {
            services.Configure<CookiePolicyOptions>(options =>
            {
                // This lambda determines whether user consent for non-essential cookies is needed for a given request.
                options.CheckConsentNeeded = context => true;
                options.MinimumSameSitePolicy = SameSiteMode.None;
            });

            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);


            // Add ASPNETCore DBContext services.
            services.AddDbContext<Tejoury_MSContext>(options => options.UseSqlServer(Configuration.GetConnectionString("DatabaseConnection")));

            // configure strongly typed settings objects : abdulla
            var appSettingsSection = Configuration.GetSection("AppSettings");
            services.Configure<AppSettings>(appSettingsSection);

            //--------------- configure jwt(JSON Web Tokens) authentication : abdulla --------------- 
            var appSettings = appSettingsSection.Get<AppSettings>();
            var key = Encoding.ASCII.GetBytes(appSettings.Secret);
            services.AddAuthentication(x =>
            {
                x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(x =>
            {
                x.Events = new JwtBearerEvents
                {
                    OnTokenValidated = context =>
                    {
                        var userService = context.HttpContext.RequestServices.GetRequiredService<IUserService>();
                        var userId = int.Parse(context.Principal.Identity.Name);
                        var user = userService.GetById(userId);
                        if (user == null)
                        {
                            // return unauthorized if user no longer exists
                            context.Fail("Unauthorized");
                        }
                        return Task.CompletedTask;
                    }
                };
                x.RequireHttpsMetadata = false;
                x.SaveToken = true;
                x.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new SymmetricSecurityKey(key),
                    ValidateIssuer = false,
                    ValidateAudience = false
                };
            });
            //----------------------------------------------------------------------

            // configure DI for application services : Abdulla
            services.AddScoped<IUserService, UserService>();
            services.AddAuthorization(options =>
            {
                options.AddPolicy("RequireAdminRole",
                    authBuilder =>
                    { authBuilder.RequireRole("Admin"); });

            });

        }

What I have tried:

I want to implement JWT Authentication API in my client asp.net core applcaiton

this is the api I am using,

ASP.NET Core 2.2 - Role Based Authorization Tutorial with Example API | Jason Watmore's Blog[^]

Posted 20-Jan-19 4:05am

abdu_karami

Add a Solution

Comments

Bohdan Stupak 20-Jan-19 11:28am

The controller codes and what exactly doesn't work would be helpful since the only guess from your code I have is that you have a typo in a word Authorize

Bryian Tan 20-Jan-19 16:31pm

Based on what you described, sound like the bearer token is not being validated. Try debug it by adding OnAuthenticationFailed

OnAuthenticationFailed = context =>
                    {
                        // Authentication failed
                       
                    }

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)