JwtAuthForWebAPI 2.0.7

Provides easy implementation for JWT-based HTTP authentication in an ASP.NET Web API project.

Install-Package JwtAuthForWebAPI -Version 2.0.7
dotnet add package JwtAuthForWebAPI --version 2.0.7
<PackageReference Include="JwtAuthForWebAPI" Version="2.0.7" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add JwtAuthForWebAPI --version 2.0.7

Release Notes

NuGet-deployed library for securing your ASP.NET Web API service with JSON Web Tokens (JWT).

     This library is essentially a DelegatingHandler that creates a new ClaimsPrincipal based on the incoming token and assigns it to the current thread. As such, you *must* secure your controllers and/or their actions with the `[Authorize]` attribute - per standard ASP.NET authorization practices. In other words, the handler doesn't actually prevent unauthorized access to your site - that's what the `[Authorize]` attribute is for.

     The required token can exist in either the HTTP Authorization header or a browser cookie (cookie's name provided during configuration of the JwtAuthenticationMessageHandler object).

     Configure your ASP.NET Web API site with this library by putting the following code (or similar) in your WebApiConfig.Register() method:

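     var builder = new SecurityTokenBuilder();
     var jwtHandler = new JwtAuthenticationMessageHandler
     {
         // Audience and issuer expected in incoming tokens
         AllowedAudience = "http://www.example.com/",
         Issuer = "corp",
         // Signing token built from the certificate with this subject name
         SigningToken = builder.CreateFromCertificate("CN=JwtAuthForWebAPI Example"),
         // Name of the browser cookie that may carry the token
         CookieNameToCheckForToken = "ut"
     };

     // Register the handler in the Web API message pipeline
     config.MessageHandlers.Add(jwtHandler);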
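
The `[Authorize]` requirement described above, as an added example (not code from the JwtAuthForWebAPI project): a global `AuthorizeAttribute` filter makes every action require an authenticated principal by default, so an action that is missing the attribute fails closed instead of being left open. The `OrdersController`, its routes and the `admin` role are hypothetical, and the role check assumes the token's role claims end up on the principal the handler creates.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Web.Http;

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Add the JwtAuthenticationMessageHandler here, as in the snippet above.

        // Fail closed: every action requires an authenticated principal
        // unless it opts out explicitly with [AllowAnonymous].
        config.Filters.Add(new AuthorizeAttribute());
        config.MapHttpAttributeRoutes();
    }
}

[RoutePrefix("api/orders")] // hypothetical controller and routes
public class OrdersController : ApiController
{
    // No attribute here: the global filter still returns 401 when the
    // handler did not set an authenticated principal for the request.
    [HttpGet, Route("whoami")]
    public IHttpActionResult WhoAmI()
    {
        var principal = User as ClaimsPrincipal;
        if (principal == null) return Unauthorized();
        // Show exactly which claims ended up on the principal.
        return Ok(principal.Claims.Select(c => new { c.Type, c.Value }));
    }

    // Authenticated is not enough here: the caller must also be in the
    // (hypothetical) "admin" role, otherwise the request is rejected.
    [Authorize(Roles = "admin")]
    [HttpDelete, Route("{id:int}")]
    public IHttpActionResult Delete(int id)
    {
        return Ok();
    }

    // Deliberately public endpoint; the opt-out is visible in code review.
    [AllowAnonymous]
    [HttpGet, Route("health")]
    public IHttpActionResult Health()
    {
        return Ok("up");
    }
}
```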


     2.0.5 - added support for allowing callers to submit the required token in a browser cookie - to better support Single Page Applications with your REST API.
     2.0.6 - added explicit catch of SignatureVerificationFailedException to make sure that gets returned as a 401 (and not a 500).
     2.0.7 - added explicit check of principal object returned from a custom PrincipalTransformer


     Please see the project site for more details.

GitHub repositories (1)

Showing the top 1 popular GitHub repositories that depend on JwtAuthForWebAPI:

Repository Stars
jamiekurtz/WebApi2Book
Example source code that accompanies ASP.NET Web API 2: Building a REST Service from Start to Finish

Version History

Version Downloads Last updated
2.0.7 18,476 4/22/2015
2.0.6 530 4/21/2015
2.0.5 1,472 1/28/2015
2.0.4 1,412 9/17/2014
2.0.3-RC2 521 8/4/2014
2.0.2-beta1 575 5/21/2014
2.0.1-beta1 1,402 5/19/2014
2.0.0-beta1 499 5/19/2014
1.0.7 868 5/12/2014
1.0.6 540 5/11/2014
1.0.5 726 4/12/2014
1.0.4 839 1/23/2014
1.0.3 551 1/23/2014
1.0.2 677 11/12/2013
1.0.1 678 11/6/2013
1.0.0 562 11/6/2013