ASP.NET Core 2.0 Bearer Authentication

Problem

How to implement bearer authentication in ASP.NET Core 2.0

Solution

Create an empty project and update Startup to configure JWT bearer authentication:

Add a class to create signing key:

Add an API controller and secure with [Authorize] attribute:

Discussion

Bearer Tokens (or just Tokens) are commonly used to authenticate Web APIs because they are framework independent, unlike something like Cookie Authentication that is tightly coupled with ASP.NET Core framework.

JSON Web Tokens (JWT) is commonly used to transfer user claims to the server as a base 64 URL encoded value. In order for clients to send a token, they must include an Authorization header with a value of “Bearer [token]”, where [token] is the token value.

Middleware

When setting up bearer services you specify how incoming token is validated e.g. code in the Solution section would validate based on Issuer, Audience and Expiry values.

When configuring authentication you could hook into lifecycle events too:

Token

Usually tokens will  be created by using OAuth framework like IdentityServer 4. However, you could also have an endpoint in your application to create token based on client credentials. Below is a snippet from the sample project that creates a JWT:

You could have a controller to use this method and create tokens:

Now you could make a request to this controller in order to obtain a new token:

Using the token you could access the API:

jQuery

You could use jQuery to get tokens and access secure resources. To do so enable the use of Static Files in Startup:

Create a controller to return a view:

Add Index view that uses jQuery (jQuery script lives in folder wwwroot/js):

Source Code

GitHub: https://github.com/TahirNaushad/Fiver.Security.Bearer

Leave a Reply