JSON Web Token Authentication with C#

A guide on how to implement JSON Web Token (JWT) authentication in C#. This article will show how to create, sign, and validate JWTs to secure APIs and authenticate users.

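In this article, we will explore how to use JSON Web Token (JWT) in C# to authenticate users. JWT is an open standard (RFC 7519) for carrying claims about a user in a compact, signed token, and is commonly used to secure APIs. The signature protects the claims against tampering, but the payload is only Base64url-encoded, not encrypted, so anyone holding the token can read it. We will learn how to generate a JWT, sign it with a secret key, and validate the JWT when receiving user requests.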

C# Code:

using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

class Program
{
    // Generate and sign JWT
    public static string GenerateJwtToken(string username, string secretKey)
    {
        // Claims to include in the JWT
        var claims = new[]
        {
            new Claim(JwtRegisteredClaimNames.Sub, username),
            new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
        };

        // Encode the security key
        var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey));
        var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

        // Create the token
        var token = new JwtSecurityToken(
            issuer: "yourapp.com",
            audience: "yourapp.com",
            claims: claims,
            expires: DateTime.UtcNow.AddMinutes(30), // JWT timestamps are UTC
            signingCredentials: creds
        );

        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    // Validate JWT
    public static ClaimsPrincipal ValidateJwtToken(string token, string secretKey)
    {
        var tokenHandler = new JwtSecurityTokenHandler();
        var key = Encoding.UTF8.GetBytes(secretKey);

        // Token validation parameters
        var validationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateIssuerSigningKey = true,
            ValidIssuer = "yourapp.com",
            ValidAudience = "yourapp.com",
            IssuerSigningKey = new SymmetricSecurityKey(key),
            ValidateLifetime = true,
            ClockSkew = TimeSpan.Zero
        };

        try
        {
            var principal = tokenHandler.ValidateToken(token, validationParameters, out SecurityToken validatedToken);
            return principal;
        }
        catch
        {
            return null; // Token is invalid
        }
    }

    static void Main()
    {
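        // Placeholder only: load the real key from configuration or a secret store.
        // HS256 needs a key of at least 256 bits (32 bytes); recent library versions reject shorter keys.
        string secretKey = "replace-with-a-random-secret-of-at-least-32-bytes";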
        string token = GenerateJwtToken("user123", secretKey);
        Console.WriteLine("JWT Token: " + token);

        var claimsPrincipal = ValidateJwtToken(token, secretKey);
        if (claimsPrincipal != null)
        {
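            // By default the handler maps the "sub" claim to ClaimTypes.NameIdentifier, so Identity.Name is not populated
            Console.WriteLine("Valid token. User: " + claimsPrincipal.FindFirst(ClaimTypes.NameIdentifier)?.Value);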
        }
        else
        {
            Console.WriteLine("Invalid token");
        }
    }
}

Detailed explanation:

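  1. new Claim(JwtRegisteredClaimNames.Sub, username): Adds user information to the JWT by setting the sub (subject) claim to the username. Claims are signed, not encrypted, so do not put secrets in them.
  2. new SymmetricSecurityKey(...): Creates a symmetric security key from the secret string. The same key signs and validates the token, so every party that can validate tokens can also issue them.
  3. new JwtSecurityToken(...): Generates a new token containing user info, issuer, audience, expiration time, and signing credentials.
  4. tokenHandler.ValidateToken(...): Validates the JWT against the validation parameters: it verifies the signature with the secret key and checks the issuer, audience, and expiration time, and throws an exception if any check fails.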
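
The ValidateJwtToken method above collapses every failure into null. The following added example (not part of the original article's code) shows which exception ValidateToken raises for each kind of rejected token, so the reason can be logged; the class and method names, the demo secrets, and the otherapp.example audience are constructed for illustration.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
using Microsoft.IdentityModel.Tokens;

static class JwtRejectionDemo
{
    const string Issuer = "yourapp.com"; // same issuer/audience value as the article's code
    // Constructed demo secrets (32+ bytes each), not real keys.
    static SymmetricSecurityKey KeyFrom(string s) => new SymmetricSecurityKey(Encoding.UTF8.GetBytes(s));
    static readonly SymmetricSecurityKey ServerKey = KeyFrom("constructed-demo-secret-at-least-32-bytes-long");
    static readonly SymmetricSecurityKey OtherKey = KeyFrom("a-different-constructed-secret-of-32-plus-bytes");

    static string Issue(SymmetricSecurityKey key, string audience, DateTime expires) =>
        new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
            issuer: Issuer, audience: audience, expires: expires,
            signingCredentials: new SigningCredentials(key, SecurityAlgorithms.HmacSha256)));

    // Returns "valid" or a short reason the token was rejected.
    public static string Classify(string token)
    {
        var parameters = new TokenValidationParameters
        {
            ValidateIssuer = true, ValidIssuer = Issuer,
            ValidateAudience = true, ValidAudience = Issuer,
            ValidateLifetime = true, ClockSkew = TimeSpan.Zero,
            ValidateIssuerSigningKey = true, IssuerSigningKey = ServerKey
        };
        try
        {
            new JwtSecurityTokenHandler().ValidateToken(token, parameters, out _);
            return "valid";
        }
        catch (SecurityTokenExpiredException) { return "expired"; }
        catch (SecurityTokenInvalidAudienceException) { return "wrong audience"; }
        catch (SecurityTokenInvalidSignatureException) { return "bad signature"; }
        catch (Exception ex) { return "rejected: " + ex.GetType().Name; } // malformed input, other failures
    }

    static void Main()
    {
        DateTime soon = DateTime.UtcNow.AddMinutes(30);
        Console.WriteLine(Classify(Issue(ServerKey, Issuer, soon)));                           // freshly issued
        Console.WriteLine(Classify(Issue(ServerKey, Issuer, DateTime.UtcNow.AddMinutes(-5)))); // past its expiry
        Console.WriteLine(Classify(Issue(ServerKey, "otherapp.example", soon)));                // other audience
        Console.WriteLine(Classify(Issue(OtherKey, Issuer, soon)));                             // signed with another key
        Console.WriteLine(Classify("not-a-jwt"));                                               // not a token at all
    }
}
```

Recording the rejection reason lets monitoring separate routine expiry from signature failures, which should be rare for tokens the service issued itself.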

System requirements:

  • .NET Core or .NET Framework
  • System.IdentityModel.Tokens.Jwt library

How to install the libraries:

Run the following command to install the JWT library in C#:

dotnet add package System.IdentityModel.Tokens.Jwt

Tips:

  • Always store secret keys securely and avoid hardcoding them in your source code.
  • Use HTTPS to ensure secure transmission of JWTs over the network.

