Asp.net Core Authentication With JWT(Json Web Token) & Refresh Tokens



This video covers ASP.NET Core authentication with JWT, JWT refresh tokens in ASP.NET Core, Swagger bearer authentication, and custom JWT token validation and authentication.
———————————————————————-
How does the JWT token-based authentication workflow work in a Web API? Why are refresh tokens needed?
The user provides a user name and password to the client application. The client application sends the user name and password to the authorization server. The authorization server validates the credentials and returns a JWT token. The client application preserves the token and sends it to the resource server. The resource server validates the JWT token and returns the resource.
——————————————————————-
Asp.net Core Authentication With JWT
To implement authentication with JWT in an ASP.NET Core Web API, we use the JwtSecurityTokenHandler class. We supply a security token descriptor that specifies the JWT token's expiration time and the subject, which is the user name to embed inside the JWT token. If needed, we can also keep role claims in the JWT token subject. We also have to specify the encryption algorithm used to encrypt the JWT token. Then we call the JwtSecurityTokenHandler class's WriteToken method to generate the JWT token in the ASP.NET Core Web API.
—————————————————————–
Asp.net Core Web API Refresh Tokens | Refresh Token Asp.net Core
A refresh token in ASP.NET Core can be any GUID or an encrypted random number. An encrypted random number is preferable for a JWT refresh token because it is hard to hack. Every refresh token must have only one active JWT token at a time, and each refresh token must have an expiration time. We can use the RNGCryptoServiceProvider class to encrypt and create the JWT refresh token in ASP.NET Core. Refresh tokens are used to regenerate an expired JWT token. Once the JWT token is expired, the client application has to send the expired JWT token and the refresh token to the Web API. The Web API validates the refresh token and the expired JWT token, and generates a new JWT token and refresh token if validation is successful. Otherwise the Web API returns Invalid Token Details.
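
The refresh flow described above, as an added example that is not code from the video or its repository. `TokenService`, `RefreshEntry`, the in-memory dictionary (standing in for the EF Core table) and the 5-minute and 7-day lifetimes are assumptions; `RandomNumberGenerator` is used in place of `RNGCryptoServiceProvider`, which is obsolete since .NET 6.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

// Hypothetical types for illustration; the dictionary stands in for the EF Core table.
public record RefreshEntry(string UserName, string JwtId, DateTime ExpiresUtc);

public class TokenService
{
    private readonly SymmetricSecurityKey _key;
    private readonly JwtSecurityTokenHandler _handler = new();
    private readonly Dictionary<string, RefreshEntry> _store = new();

    // secret: at least 32 random bytes for HMAC-SHA256.
    public TokenService(byte[] secret) => _key = new SymmetricSecurityKey(secret);

    public (string Jwt, string Refresh) Issue(string userName)
    {
        var jti = Guid.NewGuid().ToString();
        var descriptor = new SecurityTokenDescriptor {
            Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, userName),
                                                 new Claim(JwtRegisteredClaimNames.Jti, jti) }),
            Expires = DateTime.UtcNow.AddMinutes(5),
            SigningCredentials = new SigningCredentials(_key, SecurityAlgorithms.HmacSha256) };
        var jwt = _handler.WriteToken(_handler.CreateToken(descriptor));
        // 64 bytes from the OS CSPRNG, bound to this JWT's id and given its own expiry.
        var refresh = Convert.ToBase64String(RandomNumberGenerator.GetBytes(64));
        _store[refresh] = new RefreshEntry(userName, jti, DateTime.UtcNow.AddDays(7));
        return (jwt, refresh);
    }

    // Returns null on any failure; the API would answer "Invalid Token Details".
    public (string Jwt, string Refresh)? Refresh(string expiredJwt, string refresh)
    {
        var parameters = new TokenValidationParameters {
            ValidateIssuer = false, ValidateAudience = false, // not set by Issue above
            ValidateLifetime = false,                         // expired is expected here
            ValidateIssuerSigningKey = true, IssuerSigningKey = _key };
        SecurityToken validated;
        try { _handler.ValidateToken(expiredJwt, parameters, out validated); }
        catch (Exception) { return null; }                    // bad signature or malformed
        if (validated is not JwtSecurityToken jwt || jwt.Header.Alg != SecurityAlgorithms.HmacSha256) return null;
        if (!_store.Remove(refresh, out var entry)) return null; // unknown or already used
        if (entry.ExpiresUtc < DateTime.UtcNow || entry.JwtId != jwt.Id) return null;
        return Issue(entry.UserName);                         // rotate both tokens
    }
}
```

Removing the refresh token before the remaining checks makes it single use, so a replayed or mismatched pair cannot be retried against the same entry.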
———————————————————————
Swagger Authorization | Swagger Bearer Token
We are testing our ASP.NET Core Web API token-based authentication application with Swagger. As Swagger has to pass the authorization information in the form of a Swagger bearer token, we have to add some code in the startup.cs class. We have to add Swagger SecurityTokenDescriptor and Swagger SecurityRequirement in the startup.cs class. Based on this configuration, Swagger shows a Swagger Authorization button; on clicking it, a popup opens where the user can enter the bearer token for the ASP.NET Core Web API token-based authentication application.
———————————————————————–
asp.net core custom jwt validation | asp.net core custom Jwt Authentication
Sometimes we have to inject our own logic to validate the JWT token and refresh tokens. In that case, we can use the OnTokenValidated event of JWT authentication. Here we can add JWT events and inject our own logic for ASP.NET Core custom JWT validation. ASP.NET Core custom JWT authentication is useful if you want to add custom token validation, such as validating the IP address.
———————————————————————–
Apart from all the above, we have used Entity Framework Core (EF Core) to preserve our refresh tokens, and I have also demonstrated EF Core database migrations.

Chapters
00:00:00 Introduction
00:00:50 Creating new Web Api Project
00:09:20 JWT Service class to generate JWT Token
00:22:39 JWT Token Anatomy
00:26:50 Swagger Authentication
00:31:08 Asp.net Core JWT Refresh Tokens
01:04:20 Asp.net Core Custom JWT validation

repo – https://github.com/AzureTeachNet/AzureTeachTutorials/tree/JwtTokens%26RefreshTokens
