From the course: ASP.NET Core: Token-Based Authentication
Configuring token-based authentication - ASP.NET Core Tutorial
Configuring token-based authentication
- [Instructor] Now that we have set up the entity framework and also used the identity framework to create the default identity-related tables, it is time to create the token-based authentication. For that, let us go to Visual Studio and see it in action. In Visual Studio, the first thing that we are going to do is that we are going to define the JWT keys. And we are going to use these keys to generate a strong token. So for that, I'm going to create a new section in here, and this section is going to be named JWT. And then inside this section, the must-have property or the must-have key is the secret key, because without a secret key, you cannot generate a token. So Secret. And this is basically just a string, which is 16 chars or longer. And it is used to generate a strong token. So it's basically used to encrypt the token. For that, I'll just define here this-is-just, let's say strong-key. Now that we have the JWT secret key, let us go to the Startup.cs. And then in the Startup.cs, after the Add Identity, we are going to first add the authentication. So Add Authentication. And we need to add the authentication because we need to define the authentication schemes. So for that, I'll just type in here services. Type AddAuthentication. And then inside here, I'll type options. Then go to. And now we are going to define the default authentication scheme, the challenge scheme, and just the scheme itself. So for that, I'll just type in here options.DefaultAuthenticationScheme is equal to JwtBearer, so BearerDefaults. Now let us import the namespace because we see that we get an error. And at the namespace, you'll need to install the package Microsoft.Authentication.JwtBearer. So I'll just select this option, and then go to find and install the latest version. So now we see that once the package is installed, the error is gone, and now we need to define the default authentication scheme. And that is going to be just the AuthenticationScheme.
Next, let us also define the challenge scheme. So options.DefaultChallengeScheme, and that will be the same way, JwtBearerDefaults.AuthenticationScheme. And the last one, options.DefaultScheme, that is going to also be JwtDefaults.AuthenticationScheme. Now, this is all you need to do in this section. Next, you're going to add the actual JWT bearer configuration. So just after the AddAuthentication, you need to actually remove this semicolon. You need to type .AddJwtBearer. And for the JwtBearer, so I'll just put this down here, and then just type in here Add JWT Bearer. Inside the Add JWT Bearer, you're going to actually define the mechanism that is going to be used to validate a token. So basically inside here, when you send a token to the API endpoint, inside here, you define the code that is used to check if the token is valid or not. So I'll just type in here options. And then inside the options, we are going to first define that this SaveToken is equal to true, so SaveToken is equal to true. The second property is the RequireHttpsMetadata. RequireHttpsMetadata, and if you check the description, it says that this gets or sets if HTTPS is required for the metadata address or authority. So basically, by setting this property to false, what you do is that you allow the token-based authentication to work over HTTP as well. Next, we are going to define the most important part, and that is the token validation parameters. So these are all the parameters that are going to be used to validate if the token is valid. So options.TokenValidationParameters is equal to new TokenValidationParameters. I'm just going to remove the IdentityModel.Tokens. And then import the namespace for the TokenValidationParameters. So that is the IdentityModel.Tokens. And now inside here, we are going to define all the parameters that we want to use to check for the token validation. So the first thing that we're going to set to be true is the signing key. So ValidateIssuerSigningKey.
And once you set this property to true, what you need to do next is that you need to define, or you need to set, which is the issuer signing key. And now our signing key was just added in the appsettings.json file. So basically we are going to use this key to check if the token is valid, because the same key is also used to generate the token. So basically how it works is that when you generate the token, you use this secret key, and then when you validate the token, you use the same secret key. So in the Startup.cs, we need now to set the IssuerSigningKey. That is going to be new SymmetricSecurityKey, and then we are going to use the Encoding, so Encoding. Let us import the namespace for the encoding. And the namespace is System.Text, then .ASCII.GetBytes, and then we are going to use the configuration to get the secret key. So inside the configuration, we have the JWT section, and in this section you have the secret key. Now, if you want, you can just leave it this way, but if you want to generate a stronger key, you need to also use other data, like the issuer, the audience, et cetera. So let us just go to the appsettings.json file, and in here I'm going to also define the audience. So audience. And in the audience, I'll just have the audience be user. So that is just data you can set. But I'm going to also set, let's say, the issuer. And as an issuer, I'm going to set the app itself. So just go to Solution Explorer, right click, then go to Properties. Then you go to Debug. Then scroll down in here. And copy these values, so copy. And then I'll just paste it in here. So save the changes. Now let us go back to the Startup.cs, because we're going to also configure the audience and the issuer. So in the Startup.cs. Now we are going to say that we want to validate the issuer as well. So ValidateIssuer. That is going to be true. And then we need to now define the ValidIssuer. The ValidIssuer is going to come from the configuration.
And inside the configuration, we have the JWT section, and inside this section, we have the Issuer key. So basically, it is this value. So this is the value for this key. Now let us also use the audience in the Startup.cs. ValidateAudience is equal to true, and the ValidAudience is going to be the configuration. And then inside the configuration, we are going to use the JWT, and then audience. Now, we added everything that we need to add in the configure services but for the configure services to work, we need to also update the configure method. So inside the configure method, just after the UseRouting, we are going to add the authentication and authorization. For that I'll just type in here app.UseAuthentication. And the UseAuthorization was already defined when I created the empty web API project.
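The Startup.cs wiring walked through in this video, written out as an added example rather than the course's own code. It assumes appsettings.json holds a `JWT` section with `Secret`, `Issuer` and `Audience` keys (the secret value below is a placeholder) and that the Identity and EF Core registrations from the earlier videos are already present.

```csharp
// Added example, not the course's own code. Assumes appsettings.json contains:
// "JWT": { "Secret": "<placeholder, 16+ chars>", "Issuer": "https://localhost:5001", "Audience": "user" }
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }
    public void ConfigureServices(IServiceCollection services)
    {
        // ... AddDbContext / AddIdentity go here, as in the earlier videos.
        services.AddAuthentication(options =>
        {
            // All three defaults point at the JWT bearer handler, so an
            // unauthenticated request gets a 401 challenge, not a cookie redirect.
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(options =>
        {
            options.SaveToken = true;
            // false only for local HTTP development; keep the default (true) in production.
            options.RequireHttpsMetadata = false;
            options.TokenValidationParameters = new TokenValidationParameters
            {
                // The same symmetric secret signs the token at login and verifies it here.
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(
                    Encoding.ASCII.GetBytes(Configuration["JWT:Secret"])),
                ValidateIssuer = true,
                ValidIssuer = Configuration["JWT:Issuer"],
                ValidateAudience = true,
                ValidAudience = Configuration["JWT:Audience"],
            };
        });
    }
    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();   // must sit between UseRouting and UseAuthorization
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}
```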