├── .gitattributes ├── .gitignore ├── JwtWebApiTutorial.sln └── JwtWebApiTutorial ├── Controllers ├── AuthController.cs └── WeatherForecastController.cs ├── JwtWebApiTutorial.csproj ├── Program.cs ├── Properties └── launchSettings.json ├── RefreshToken.cs ├── Services └── UserService │ ├── IUserService.cs │ └── UserService.cs ├── User.cs ├── UserDto.cs ├── WeatherForecast.cs ├── appsettings.Development.json └── appsettings.json /.gitattributes: -------------------------------------------------------------------------------- 1 | ############################################################################### 2 | # Set default behavior to automatically normalize line endings. 3 | ############################################################################### 4 | * text=auto 5 | 6 | ############################################################################### 7 | # Set default behavior for command prompt diff. 8 | # 9 | # This is need for earlier builds of msysgit that does not have it on by 10 | # default for csharp files. 11 | # Note: This is only used by command line 12 | ############################################################################### 13 | #*.cs diff=csharp 14 | 15 | ############################################################################### 16 | # Set the merge driver for project and solution files 17 | # 18 | # Merging from the command prompt will add diff markers to the files if there 19 | # are conflicts (Merging from VS is not affected by the settings below, in VS 20 | # the diff markers are never inserted). Diff markers may cause the following 21 | # file extensions to fail to load in VS. An alternative would be to treat 22 | # these files as binary and thus will always conflict and require user 23 | # intervention with every merge. To do so, just uncomment the entries below 24 | ############################################################################### 25 | #*.sln merge=binary 26 | #*.csproj merge=binary 27 | #*.vbproj merge=binary 28 | #*.vcxproj merge=binary 29 | #*.vcproj merge=binary 30 | #*.dbproj merge=binary 31 | #*.fsproj merge=binary 32 | #*.lsproj merge=binary 33 | #*.wixproj merge=binary 34 | #*.modelproj merge=binary 35 | #*.sqlproj merge=binary 36 | #*.wwaproj merge=binary 37 | 38 | ############################################################################### 39 | # behavior for image files 40 | # 41 | # image files are treated as binary by default. 42 | ############################################################################### 43 | #*.jpg binary 44 | #*.png binary 45 | #*.gif binary 46 | 47 | ############################################################################### 48 | # diff behavior for common document formats 49 | # 50 | # Convert binary document formats to text before diffing them. This feature 51 | # is only available from the command line. Turn it on by uncommenting the 52 | # entries below. 53 | ############################################################################### 54 | #*.doc diff=astextplain 55 | #*.DOC diff=astextplain 56 | #*.docx diff=astextplain 57 | #*.DOCX diff=astextplain 58 | #*.dot diff=astextplain 59 | #*.DOT diff=astextplain 60 | #*.pdf diff=astextplain 61 | #*.PDF diff=astextplain 62 | #*.rtf diff=astextplain 63 | #*.RTF diff=astextplain 64 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | ## 4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore 5 | 6 | # User-specific files 7 | *.rsuser 8 | *.suo 9 | *.user 10 | *.userosscache 11 | *.sln.docstates 12 | 13 | # User-specific files (MonoDevelop/Xamarin Studio) 14 | *.userprefs 15 | 16 | # Mono auto generated files 17 | mono_crash.* 18 | 19 | # Build results 20 | [Dd]ebug/ 21 | [Dd]ebugPublic/ 22 | [Rr]elease/ 23 | [Rr]eleases/ 24 | x64/ 25 | x86/ 26 | [Ww][Ii][Nn]32/ 27 | [Aa][Rr][Mm]/ 28 | [Aa][Rr][Mm]64/ 29 | bld/ 30 | [Bb]in/ 31 | [Oo]bj/ 32 | [Oo]ut/ 33 | [Ll]og/ 34 | [Ll]ogs/ 35 | 36 | # Visual Studio 2015/2017 cache/options directory 37 | .vs/ 38 | # Uncomment if you have tasks that create the project's static files in wwwroot 39 | #wwwroot/ 40 | 41 | # Visual Studio 2017 auto generated files 42 | Generated\ Files/ 43 | 44 | # MSTest test Results 45 | [Tt]est[Rr]esult*/ 46 | [Bb]uild[Ll]og.* 47 | 48 | # NUnit 49 | *.VisualState.xml 50 | TestResult.xml 51 | nunit-*.xml 52 | 53 | # Build Results of an ATL Project 54 | [Dd]ebugPS/ 55 | [Rr]eleasePS/ 56 | dlldata.c 57 | 58 | # Benchmark Results 59 | BenchmarkDotNet.Artifacts/ 60 | 61 | # .NET Core 62 | project.lock.json 63 | project.fragment.lock.json 64 | artifacts/ 65 | 66 | # ASP.NET Scaffolding 67 | ScaffoldingReadMe.txt 68 | 69 | # StyleCop 70 | StyleCopReport.xml 71 | 72 | # Files built by Visual Studio 73 | *_i.c 74 | *_p.c 75 | *_h.h 76 | *.ilk 77 | *.meta 78 | *.obj 79 | *.iobj 80 | *.pch 81 | *.pdb 82 | *.ipdb 83 | *.pgc 84 | *.pgd 85 | *.rsp 86 | *.sbr 87 | *.tlb 88 | *.tli 89 | *.tlh 90 | *.tmp 91 | *.tmp_proj 92 | *_wpftmp.csproj 93 | *.log 94 | *.vspscc 95 | *.vssscc 96 | .builds 97 | *.pidb 98 | *.svclog 99 | *.scc 100 | 101 | # Chutzpah Test files 102 | _Chutzpah* 103 | 104 | # Visual C++ cache files 105 | ipch/ 106 | *.aps 107 | *.ncb 108 | *.opendb 109 | *.opensdf 110 | *.sdf 111 | *.cachefile 112 | *.VC.db 113 | *.VC.VC.opendb 114 | 115 | # Visual Studio profiler 116 | *.psess 117 | *.vsp 118 | *.vspx 119 | *.sap 120 | 121 | # Visual Studio Trace Files 122 | *.e2e 123 | 124 | # TFS 2012 Local Workspace 125 | $tf/ 126 | 127 | # Guidance Automation Toolkit 128 | *.gpState 129 | 130 | # ReSharper is a .NET coding add-in 131 | _ReSharper*/ 132 | *.[Rr]e[Ss]harper 133 | *.DotSettings.user 134 | 135 | # TeamCity is a build add-in 136 | _TeamCity* 137 | 138 | # DotCover is a Code Coverage Tool 139 | *.dotCover 140 | 141 | # AxoCover is a Code Coverage Tool 142 | .axoCover/* 143 | !.axoCover/settings.json 144 | 145 | # Coverlet is a free, cross platform Code Coverage Tool 146 | coverage*.json 147 | coverage*.xml 148 | coverage*.info 149 | 150 | # Visual Studio code coverage results 151 | *.coverage 152 | *.coveragexml 153 | 154 | # NCrunch 155 | _NCrunch_* 156 | .*crunch*.local.xml 157 | nCrunchTemp_* 158 | 159 | # MightyMoose 160 | *.mm.* 161 | AutoTest.Net/ 162 | 163 | # Web workbench (sass) 164 | .sass-cache/ 165 | 166 | # Installshield output folder 167 | [Ee]xpress/ 168 | 169 | # DocProject is a documentation generator add-in 170 | DocProject/buildhelp/ 171 | DocProject/Help/*.HxT 172 | DocProject/Help/*.HxC 173 | DocProject/Help/*.hhc 174 | DocProject/Help/*.hhk 175 | DocProject/Help/*.hhp 176 | DocProject/Help/Html2 177 | DocProject/Help/html 178 | 179 | # Click-Once directory 180 | publish/ 181 | 182 | # Publish Web Output 183 | *.[Pp]ublish.xml 184 | *.azurePubxml 185 | # Note: Comment the next line if you want to checkin your web deploy settings, 186 | # but database connection strings (with potential passwords) will be unencrypted 187 | *.pubxml 188 | *.publishproj 189 | 190 | # Microsoft Azure Web App publish settings. Comment the next line if you want to 191 | # checkin your Azure Web App publish settings, but sensitive information contained 192 | # in these scripts will be unencrypted 193 | PublishScripts/ 194 | 195 | # NuGet Packages 196 | *.nupkg 197 | # NuGet Symbol Packages 198 | *.snupkg 199 | # The packages folder can be ignored because of Package Restore 200 | **/[Pp]ackages/* 201 | # except build/, which is used as an MSBuild target. 202 | !**/[Pp]ackages/build/ 203 | # Uncomment if necessary however generally it will be regenerated when needed 204 | #!**/[Pp]ackages/repositories.config 205 | # NuGet v3's project.json files produces more ignorable files 206 | *.nuget.props 207 | *.nuget.targets 208 | 209 | # Microsoft Azure Build Output 210 | csx/ 211 | *.build.csdef 212 | 213 | # Microsoft Azure Emulator 214 | ecf/ 215 | rcf/ 216 | 217 | # Windows Store app package directories and files 218 | AppPackages/ 219 | BundleArtifacts/ 220 | Package.StoreAssociation.xml 221 | _pkginfo.txt 222 | *.appx 223 | *.appxbundle 224 | *.appxupload 225 | 226 | # Visual Studio cache files 227 | # files ending in .cache can be ignored 228 | *.[Cc]ache 229 | # but keep track of directories ending in .cache 230 | !?*.[Cc]ache/ 231 | 232 | # Others 233 | ClientBin/ 234 | ~$* 235 | *~ 236 | *.dbmdl 237 | *.dbproj.schemaview 238 | *.jfm 239 | *.pfx 240 | *.publishsettings 241 | orleans.codegen.cs 242 | 243 | # Including strong name files can present a security risk 244 | # (https://github.com/github/gitignore/pull/2483#issue-259490424) 245 | #*.snk 246 | 247 | # Since there are multiple workflows, uncomment next line to ignore bower_components 248 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 249 | #bower_components/ 250 | 251 | # RIA/Silverlight projects 252 | Generated_Code/ 253 | 254 | # Backup & report files from converting an old project file 255 | # to a newer Visual Studio version. Backup files are not needed, 256 | # because we have git ;-) 257 | _UpgradeReport_Files/ 258 | Backup*/ 259 | UpgradeLog*.XML 260 | UpgradeLog*.htm 261 | ServiceFabricBackup/ 262 | *.rptproj.bak 263 | 264 | # SQL Server files 265 | *.mdf 266 | *.ldf 267 | *.ndf 268 | 269 | # Business Intelligence projects 270 | *.rdl.data 271 | *.bim.layout 272 | *.bim_*.settings 273 | *.rptproj.rsuser 274 | *- [Bb]ackup.rdl 275 | *- [Bb]ackup ([0-9]).rdl 276 | *- [Bb]ackup ([0-9][0-9]).rdl 277 | 278 | # Microsoft Fakes 279 | FakesAssemblies/ 280 | 281 | # GhostDoc plugin setting file 282 | *.GhostDoc.xml 283 | 284 | # Node.js Tools for Visual Studio 285 | .ntvs_analysis.dat 286 | node_modules/ 287 | 288 | # Visual Studio 6 build log 289 | *.plg 290 | 291 | # Visual Studio 6 workspace options file 292 | *.opt 293 | 294 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 295 | *.vbw 296 | 297 | # Visual Studio LightSwitch build output 298 | **/*.HTMLClient/GeneratedArtifacts 299 | **/*.DesktopClient/GeneratedArtifacts 300 | **/*.DesktopClient/ModelManifest.xml 301 | **/*.Server/GeneratedArtifacts 302 | **/*.Server/ModelManifest.xml 303 | _Pvt_Extensions 304 | 305 | # Paket dependency manager 306 | .paket/paket.exe 307 | paket-files/ 308 | 309 | # FAKE - F# Make 310 | .fake/ 311 | 312 | # CodeRush personal settings 313 | .cr/personal 314 | 315 | # Python Tools for Visual Studio (PTVS) 316 | __pycache__/ 317 | *.pyc 318 | 319 | # Cake - Uncomment if you are using it 320 | # tools/** 321 | # !tools/packages.config 322 | 323 | # Tabs Studio 324 | *.tss 325 | 326 | # Telerik's JustMock configuration file 327 | *.jmconfig 328 | 329 | # BizTalk build output 330 | *.btp.cs 331 | *.btm.cs 332 | *.odx.cs 333 | *.xsd.cs 334 | 335 | # OpenCover UI analysis results 336 | OpenCover/ 337 | 338 | # Azure Stream Analytics local run output 339 | ASALocalRun/ 340 | 341 | # MSBuild Binary and Structured Log 342 | *.binlog 343 | 344 | # NVidia Nsight GPU debugger configuration file 345 | *.nvuser 346 | 347 | # MFractors (Xamarin productivity tool) working folder 348 | .mfractor/ 349 | 350 | # Local History for Visual Studio 351 | .localhistory/ 352 | 353 | # BeatPulse healthcheck temp database 354 | healthchecksdb 355 | 356 | # Backup folder for Package Reference Convert tool in Visual Studio 2017 357 | MigrationBackup/ 358 | 359 | # Ionide (cross platform F# VS Code tools) working folder 360 | .ionide/ 361 | 362 | # Fody - auto-generated XML schema 363 | FodyWeavers.xsd -------------------------------------------------------------------------------- /JwtWebApiTutorial.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 17 4 | VisualStudioVersion = 17.0.31903.59 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "JwtWebApiTutorial", "JwtWebApiTutorial\JwtWebApiTutorial.csproj", "{D79DF8D4-9671-4BFD-8906-902B9929B309}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Any CPU = Debug|Any CPU 11 | Release|Any CPU = Release|Any CPU 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {D79DF8D4-9671-4BFD-8906-902B9929B309}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 15 | {D79DF8D4-9671-4BFD-8906-902B9929B309}.Debug|Any CPU.Build.0 = Debug|Any CPU 16 | {D79DF8D4-9671-4BFD-8906-902B9929B309}.Release|Any CPU.ActiveCfg = Release|Any CPU 17 | {D79DF8D4-9671-4BFD-8906-902B9929B309}.Release|Any CPU.Build.0 = Release|Any CPU 18 | EndGlobalSection 19 | GlobalSection(SolutionProperties) = preSolution 20 | HideSolutionNode = FALSE 21 | EndGlobalSection 22 | GlobalSection(ExtensibilityGlobals) = postSolution 23 | SolutionGuid = {558305C2-32C7-4138-9D12-8E985315F6A0} 24 | EndGlobalSection 25 | EndGlobal 26 | -------------------------------------------------------------------------------- /JwtWebApiTutorial/Controllers/AuthController.cs: -------------------------------------------------------------------------------- 1 | using Microsoft.AspNetCore.Authorization; 2 | using Microsoft.AspNetCore.Http; 3 | using Microsoft.AspNetCore.Mvc; 4 | using Microsoft.IdentityModel.Tokens; 5 | using System.IdentityModel.Tokens.Jwt; 6 | using System.Security.Claims; 7 | using System.Security.Cryptography; 8 | 9 | namespace JwtWebApiTutorial.Controllers 10 | { 11 | [Route("api/[controller]")] 12 | [ApiController] 13 | public class AuthController : ControllerBase 14 | { 15 | public static User user = new User(); 16 | private readonly IConfiguration _configuration; 17 | private readonly IUserService _userService; 18 | 19 | public AuthController(IConfiguration configuration, IUserService userService) 20 | { 21 | _configuration = configuration; 22 | _userService = userService; 23 | } 24 | 25 | [HttpGet, Authorize] 26 | public ActionResult GetMe() 27 | { 28 | var userName = _userService.GetMyName(); 29 | return Ok(userName); 30 | } 31 | 32 | [HttpPost("register")] 33 | public async Task> Register(UserDto request) 34 | { 35 | CreatePasswordHash(request.Password, out byte[] passwordHash, out byte[] passwordSalt); 36 | 37 | user.Username = request.Username; 38 | user.PasswordHash = passwordHash; 39 | user.PasswordSalt = passwordSalt; 40 | 41 | return Ok(user); 42 | } 43 | 44 | [HttpPost("login")] 45 | public async Task> Login(UserDto request) 46 | { 47 | if (user.Username != request.Username) 48 | { 49 | return BadRequest("User not found."); 50 | } 51 | 52 | if (!VerifyPasswordHash(request.Password, user.PasswordHash, user.PasswordSalt)) 53 | { 54 | return BadRequest("Wrong password."); 55 | } 56 | 57 | string token = CreateToken(user); 58 | 59 | var refreshToken = GenerateRefreshToken(); 60 | SetRefreshToken(refreshToken); 61 | 62 | return Ok(token); 63 | } 64 | 65 | [HttpPost("refresh-token")] 66 | public async Task> RefreshToken() 67 | { 68 | var refreshToken = Request.Cookies["refreshToken"]; 69 | 70 | if (!user.RefreshToken.Equals(refreshToken)) 71 | { 72 | return Unauthorized("Invalid Refresh Token."); 73 | } 74 | else if(user.TokenExpires < DateTime.Now) 75 | { 76 | return Unauthorized("Token expired."); 77 | } 78 | 79 | string token = CreateToken(user); 80 | var newRefreshToken = GenerateRefreshToken(); 81 | SetRefreshToken(newRefreshToken); 82 | 83 | return Ok(token); 84 | } 85 | 86 | private RefreshToken GenerateRefreshToken() 87 | { 88 | var refreshToken = new RefreshToken 89 | { 90 | Token = Convert.ToBase64String(RandomNumberGenerator.GetBytes(64)), 91 | Expires = DateTime.Now.AddDays(7), 92 | Created = DateTime.Now 93 | }; 94 | 95 | return refreshToken; 96 | } 97 | 98 | private void SetRefreshToken(RefreshToken newRefreshToken) 99 | { 100 | var cookieOptions = new CookieOptions 101 | { 102 | HttpOnly = true, 103 | Expires = newRefreshToken.Expires 104 | }; 105 | Response.Cookies.Append("refreshToken", newRefreshToken.Token, cookieOptions); 106 | 107 | user.RefreshToken = newRefreshToken.Token; 108 | user.TokenCreated = newRefreshToken.Created; 109 | user.TokenExpires = newRefreshToken.Expires; 110 | } 111 | 112 | private string CreateToken(User user) 113 | { 114 | List claims = new List 115 | { 116 | new Claim(ClaimTypes.Name, user.Username), 117 | new Claim(ClaimTypes.Role, "Admin") 118 | }; 119 | 120 | var key = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes( 121 | _configuration.GetSection("AppSettings:Token").Value)); 122 | 123 | var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha512Signature); 124 | 125 | var token = new JwtSecurityToken( 126 | claims: claims, 127 | expires: DateTime.Now.AddDays(1), 128 | signingCredentials: creds); 129 | 130 | var jwt = new JwtSecurityTokenHandler().WriteToken(token); 131 | 132 | return jwt; 133 | } 134 | 135 | private void CreatePasswordHash(string password, out byte[] passwordHash, out byte[] passwordSalt) 136 | { 137 | using (var hmac = new HMACSHA512()) 138 | { 139 | passwordSalt = hmac.Key; 140 | passwordHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password)); 141 | } 142 | } 143 | 144 | private bool VerifyPasswordHash(string password, byte[] passwordHash, byte[] passwordSalt) 145 | { 146 | using (var hmac = new HMACSHA512(passwordSalt)) 147 | { 148 | var computedHash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password)); 149 | return computedHash.SequenceEqual(passwordHash); 150 | } 151 | } 152 | } 153 | } 154 | -------------------------------------------------------------------------------- /JwtWebApiTutorial/Controllers/WeatherForecastController.cs: -------------------------------------------------------------------------------- 1 | using Microsoft.AspNetCore.Authorization; 2 | using Microsoft.AspNetCore.Mvc; 3 | 4 | namespace JwtWebApiTutorial.Controllers 5 | { 6 | [ApiController] 7 | [Route("[controller]")] 8 | public class WeatherForecastController : ControllerBase 9 | { 10 | private static readonly string[] Summaries = new[] 11 | { 12 | "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching" 13 | }; 14 | 15 | private readonly ILogger _logger; 16 | 17 | public WeatherForecastController(ILogger logger) 18 | { 19 | _logger = logger; 20 | } 21 | 22 | [HttpGet(Name = "GetWeatherForecast"), Authorize(Roles = "Admin")] 23 | public IEnumerable Get() 24 | { 25 | return Enumerable.Range(1, 5).Select(index => new WeatherForecast 26 | { 27 | Date = DateTime.Now.AddDays(index), 28 | TemperatureC = Random.Shared.Next(-20, 55), 29 | Summary = Summaries[Random.Shared.Next(Summaries.Length)] 30 | }) 31 | .ToArray(); 32 | } 33 | } 34 | } -------------------------------------------------------------------------------- /JwtWebApiTutorial/JwtWebApiTutorial.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | net6.0 5 | enable 6 | enable 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /JwtWebApiTutorial/Program.cs: -------------------------------------------------------------------------------- 1 | global using JwtWebApiTutorial.Services.UserService; 2 | using Microsoft.AspNetCore.Authentication.JwtBearer; 3 | using Microsoft.IdentityModel.Tokens; 4 | using Microsoft.OpenApi.Models; 5 | using Swashbuckle.AspNetCore.Filters; 6 | using System.Text; 7 | 8 | var builder = WebApplication.CreateBuilder(args); 9 | 10 | // Add services to the container. 11 | 12 | builder.Services.AddControllers(); 13 | // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle 14 | builder.Services.AddEndpointsApiExplorer(); 15 | builder.Services.AddScoped(); 16 | builder.Services.AddHttpContextAccessor(); 17 | builder.Services.AddSwaggerGen(options => 18 | { 19 | options.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme 20 | { 21 | Description = "Standard Authorization header using the Bearer scheme (\"bearer {token}\")", 22 | In = ParameterLocation.Header, 23 | Name = "Authorization", 24 | Type = SecuritySchemeType.ApiKey 25 | }); 26 | 27 | options.OperationFilter(); 28 | }); 29 | builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) 30 | .AddJwtBearer(options => 31 | { 32 | options.TokenValidationParameters = new TokenValidationParameters 33 | { 34 | ValidateIssuerSigningKey = true, 35 | IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8 36 | .GetBytes(builder.Configuration.GetSection("AppSettings:Token").Value)), 37 | ValidateIssuer = false, 38 | ValidateAudience = false 39 | }; 40 | }); 41 | builder.Services.AddCors(options => options.AddPolicy(name: "NgOrigins", 42 | policy => 43 | { 44 | policy.WithOrigins("http://localhost:4200").AllowAnyMethod().AllowAnyHeader(); 45 | })); 46 | 47 | var app = builder.Build(); 48 | 49 | // Configure the HTTP request pipeline. 50 | if (app.Environment.IsDevelopment()) 51 | { 52 | app.UseSwagger(); 53 | app.UseSwaggerUI(); 54 | } 55 | 56 | app.UseCors("NgOrigins"); 57 | 58 | app.UseHttpsRedirection(); 59 | 60 | app.UseAuthentication(); 61 | 62 | app.UseAuthorization(); 63 | 64 | app.MapControllers(); 65 | 66 | app.Run(); 67 | -------------------------------------------------------------------------------- /JwtWebApiTutorial/Properties/launchSettings.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "https://json.schemastore.org/launchsettings.json", 3 | "iisSettings": { 4 | "windowsAuthentication": false, 5 | "anonymousAuthentication": true, 6 | "iisExpress": { 7 | "applicationUrl": "http://localhost:59592", 8 | "sslPort": 44389 9 | } 10 | }, 11 | "profiles": { 12 | "JwtWebApiTutorial": { 13 | "commandName": "Project", 14 | "dotnetRunMessages": true, 15 | "launchBrowser": true, 16 | "launchUrl": "swagger", 17 | "applicationUrl": "https://localhost:7272;http://localhost:5272", 18 | "environmentVariables": { 19 | "ASPNETCORE_ENVIRONMENT": "Development" 20 | } 21 | }, 22 | "IIS Express": { 23 | "commandName": "IISExpress", 24 | "launchBrowser": true, 25 | "launchUrl": "swagger", 26 | "environmentVariables": { 27 | "ASPNETCORE_ENVIRONMENT": "Development" 28 | } 29 | } 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /JwtWebApiTutorial/RefreshToken.cs: -------------------------------------------------------------------------------- 1 | namespace JwtWebApiTutorial 2 | { 3 | public class RefreshToken 4 | { 5 | public string Token { get; set; } = string.Empty; 6 | public DateTime Created { get; set; } = DateTime.Now; 7 | public DateTime Expires { get; set; } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /JwtWebApiTutorial/Services/UserService/IUserService.cs: -------------------------------------------------------------------------------- 1 | namespace JwtWebApiTutorial.Services.UserService 2 | { 3 | public interface IUserService 4 | { 5 | string GetMyName(); 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /JwtWebApiTutorial/Services/UserService/UserService.cs: -------------------------------------------------------------------------------- 1 | using System.Security.Claims; 2 | 3 | namespace JwtWebApiTutorial.Services.UserService 4 | { 5 | public class UserService : IUserService 6 | { 7 | private readonly IHttpContextAccessor _httpContextAccessor; 8 | 9 | public UserService(IHttpContextAccessor httpContextAccessor) 10 | { 11 | _httpContextAccessor = httpContextAccessor; 12 | } 13 | 14 | public string GetMyName() 15 | { 16 | var result = string.Empty; 17 | if (_httpContextAccessor.HttpContext != null) 18 | { 19 | result = _httpContextAccessor.HttpContext.User.FindFirstValue(ClaimTypes.Name); 20 | } 21 | return result; 22 | } 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /JwtWebApiTutorial/User.cs: -------------------------------------------------------------------------------- 1 | namespace JwtWebApiTutorial 2 | { 3 | public class User 4 | { 5 | public string Username { get; set; } = string.Empty; 6 | public byte[] PasswordHash { get; set; } 7 | public byte[] PasswordSalt { get; set; } 8 | public string RefreshToken { get; set; } = string.Empty; 9 | public DateTime TokenCreated { get; set; } 10 | public DateTime TokenExpires { get; set; } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /JwtWebApiTutorial/UserDto.cs: -------------------------------------------------------------------------------- 1 | namespace JwtWebApiTutorial 2 | { 3 | public class UserDto 4 | { 5 | public string Username { get; set; } = string.Empty; 6 | public string Password { get; set; } = string.Empty; 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /JwtWebApiTutorial/WeatherForecast.cs: -------------------------------------------------------------------------------- 1 | namespace JwtWebApiTutorial 2 | { 3 | public class WeatherForecast 4 | { 5 | public DateTime Date { get; set; } 6 | 7 | public int TemperatureC { get; set; } 8 | 9 | public int TemperatureF => 32 + (int)(TemperatureC / 0.5556); 10 | 11 | public string? Summary { get; set; } 12 | } 13 | } -------------------------------------------------------------------------------- /JwtWebApiTutorial/appsettings.Development.json: -------------------------------------------------------------------------------- 1 | { 2 | "Logging": { 3 | "LogLevel": { 4 | "Default": "Information", 5 | "Microsoft.AspNetCore": "Warning" 6 | } 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /JwtWebApiTutorial/appsettings.json: -------------------------------------------------------------------------------- 1 | { 2 | "AppSettings": { 3 | "Token": "my top secret key" 4 | }, 5 | "Logging": { 6 | "LogLevel": { 7 | "Default": "Information", 8 | "Microsoft.AspNetCore": "Warning" 9 | } 10 | }, 11 | "AllowedHosts": "*" 12 | } 13 | --------------------------------------------------------------------------------