Provides easy implementation for JWT-based HTTP authentication in an ASP.NET Web API project.
Install-Package JwtAuthForWebAPI -Version 2.0.7
dotnet add package JwtAuthForWebAPI --version 2.0.7
<PackageReference Include="JwtAuthForWebAPI" Version="2.0.7" />
paket add JwtAuthForWebAPI --version 2.0.7
Nuget-deployed library for securing your ASP.NET Web API service with JSON Web Tokens (JWT).
This library is essentially a DelegatingHandler that creates a new ClaimsPrincipal based on the incoming token and assigns it to the current thread. As such, you *must* secure your controllers and/or their actions with the `[Authorize]` attribute - per standard ASP.NET authorization practices. In other words, the handler doesn't actually prevent unauthorized access to your site - that's what the `[Authorize]` attribute is for.
The required token can exist in either the HTTP Authorization header or a browser cookie (cookie's name provided during configuration of the JwtAuthenticationMessageHandler object).
Configure your ASP.NET Web API site with this library by putting the following code (or similar) in your WebApiConfig.Register() method:
var builder = new SecurityTokenBuilder();
var jwtHandler = new JwtAuthenticationMessageHandler
AllowedAudience = "http://www.example.com/",
Issuer = "corp",
SigningToken = builder.CreateFromCertificate("CN=JwtAuthForWebAPI Example"),
CookieNameToCheckForToken = "ut"
2.0.5 - added support for allowing callers to submit the required token in a browser cookie - to better support Single Page Applications with your REST API.
2.0.6 - added explicit catch of SignatureVerificationFailedException to make sure that gets returned as a 401 (and not a 500)
2.0.7 - added explicit check of principal object returned from a custom PrincipalTransformer
Please see the project site for more details.
GitHub repositories (1)
Showing the top 1 popular GitHub repositories that depend on JwtAuthForWebAPI:
Example source code that accompanies ASP.NET Web API 2: Building a REST Service from Start to Finish