EP 16 : How to secure your endpoints using JWT in .NET 6 ?

Read Time : 3 Mins

A big thank you to our sponsors who keep this newsletter free to the reader.

Today's issue is sponsored by Milan .NET Weekly Newsletter. It's a newsletter about the best practices with .NET & software architecture. More than 22,000+ engineers get one practical tip every week to improve their skills. Check it out here

Join Milan .NET Newsletter

---

In today’s newsletter we are going to discuss

• What is JWT

• How JWT works ?

• Enable it in .NET 6.0 ?

I am not going to cover

• How token would be generated

• How to pass token in your request

What is JWT ?

JSON Web Token are extensively used in authentication and authorization they make sure that this user is . JWT has three parts

• Header

• Payload

• Signature

Header contains details about encryption algorithm ,payload contains key-value based data which we call claims mostly and third part is signature which combines header and payload in Base64 along with secret key and hashes it.

How JWT Works ?

User sends email & password and gets authenticated and at the same time we generated a string which we call token. So for every next request that comes to our endpoints that string is attached in header of request and we use it to verify identity of user.

Let’s not dig more in JWT and focus on its implementation.

Enable it in .NET 6.0 ?

It has pretty simple three steps.

• Install Microsoft.AspNetCore.Authentication.JWTBearer Nuget Package

• Configure your Program.cs

• Remove AllowAnonymous attribute and change it with Authorize on your controller

Let’s see last two steps. Suppose in our appsetting file we have some configuration for JWT

NOTE : Unfortunately it is not practiced a lot but best ways of keeping this secret is on some secure Vaults , it is not best to keep it here in appsetting

I have added local hosts but you can add the valid issuer URL and the audience for which it is intended.

Adding it in Pipeline

That is all you need to do , just add [Authorize] attribute now to your controllers.

Whenever you’re ready , there are 3 ways I can help you

1. Promote yourself to 3400+ subscribers by sponsoring my Newsletter (Reach me at mwaseemzakir@gmail.com)

2. Become a Patron and get access to 100+ .NET Questions and Answers , I add 2-5 new questions every week

3. Get my FREE eBook from Gumroad that contains 30 .NET Tips (Downloaded by 2200+ and 100+ five star ratings)

“The only lasting beauty is the beauty of the heart” - Rumi

Comments

[Totti]

Thanks!

[Vigneash]

Hi - will this generate a new JWT each time ?