ASP.NET Core Web API Authentication and Authorization with JWT (Json Web Token)

Thank you - this was perfect! I liked the fast pace and length of the tutorial. Your tutorial is uncluttered, clear, and to the point. Keep making more!

Clear, crisp and quality teaching by saving the time too, great man!

This is the best tutorial on JWT Authentication and Authorization I've ever seen so far, Thank you so much for your efforts.

Great video, @Code with Julian. Well done.
In the Authenticate method in the LoginController class, there's no need to check for null. The Linq FirstOrDefault(...) will return null if the user with the conditions is not found, otherwise, it will return a user model.
Thank you for the video.

Bro this tutorial just saved me today, thanks so much, your calmness and pace of everything in the way you teach is excellent please keep it up

Complex matters explained with simplicity. Thank you for sharing your great work!

Your tutorial is amazing, very much what I was looking for to create a production-level API with authentication, you explained stuff clearly, very detailed and well-explained and code is easy to follow without complexity and unnecessary filler codes that can be used as a template in corporate APIs. I've had paid subscriptions on Pluralsight and LinkedIn Learning, but the way you teach and this example topples most of the ones I've seen in those paid online courses where all they've done is pad their tutorials with unnecessary junk of codes to make it longer but pretty difficult to implement! I've subscribed and will definitely watch all your videos, thanks and keep it up!

Omg Bro, you're incredible. I tried to add this functionality for a very long time and nothing ended with success. But your video solved my problem just in 30 minutes. And one more thing, your English is very understandable for non-native speakers. Thank you a lot!

Just passed by that one and it was so straight-forward for me. Keep it up and thank you for such an awesome content

Thanks so much Julian for making me understand this easily. Subscribed and will keep following updates here.

Thank you for the simple and effective explanation. I was really stuck on how to decode jwt token to get user detials, and didnt got any perfect solution for this problem. But you did a great job at this.

the best on youtube that explaine it , the exemples of success and failings , helps a lot , keep it up sir

It's the subject I've been looking for for a long time and the best resource I've found. Thanks...

This video was very helpful, thanks for this. Please continue to create more content.

short, to the point, and a nice tutorial. Kudos to Jason and Elysse

This is very well done, thank you so much for making this!

Thank you, Julian, very easy to understand.

I was looking for this for a long time. Watched tons of garbage. Finally I've found the exact video I was looking for. Every single thing I need is in the video. Thanks for sharing this useful tutorial.

you saved my graduate project
thank u

Thank you for the great tutorial!

Thaks a lot the way of your teaching is so clear and straightforward.

This is a great tutorial. Clear explanation and good examples. Thank you very much.

Hey Julian, thanks for this informative video. I appreciate your efforts to make this useful content. I liked how you explained all about JWT & authentication in steps.
Thanks and keep sharing.
Edit: I subscribed the channel. 😊

Brilliant Explanation you made this topic so simple by your explanation

If you are using .NET 6, add this to your program.cs file
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = builder.Configuration["Jwt:Issuer"],
ValidAudience = builder.Configuration["Jwt:Audience"],
IssuerSigningKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"])
)
};
});
var app = builder.Build();

@Code With Julian Thanks for the video. This tutorial gave me an idea about JWT tokens implementation

That was so helpful ,Thank you so much .

Simply Awesome. Thanks for creating awesome tutorial. Keep great work up.

Great Tutorial, you should post one where you refresh the tokens.

Thanks a lot for making this, it really helped me out!

This was exactly what I needed. Great job. Look forward to more.

Thanks Julian, you're very clear and tbe video is very useful.

Thank you. This was super helpful!

Perfect explanation , straight to the point ! Thank you

Valuable lesson. Thanks Julian.

Thanks for the video. Good stuff!

Fantastic explanation Julian. Subscribed. Nice one, mate

Thank you so much, it helped me a lot

Everything in one go, Thanks for the video.

Thanks..... I've now created my first Web API thanks to you

Nice, you explained necessary code

Perfect, I will use it for my apprentices. Thanks a lot!

Your video is very very useful , Thank you!

Simple and Neat explanation, Great Job

Excelent tutorial, very precise. Thanks !

Thank you so much …this tutorial helped me in my interview …

Amazing Tutorial

You are so awesome. Thank you! This has been so helpful

Amazing work. Thanks for the great explanation. May all your work success and shine bright..

Thank you very much! This is useful video

Thanks, it is a clear teaching.

You are doing great work
Keep the good work goin brother

that was awesome, Julian! You reminds me the dude from Silicon Valley TV Show xd. I rly appreciate for the video's content.

this is one of the best tech videos i've watched for a long time!

Thanks for this video!

It`s nice tutorial ! Not too long, but very useful ! Thanks. Subscribed.

Thank you - this was perfect!

Very clear and easy to understand ..Thanks

Thank you so much for your excellent tutorial 🖐😄

Can you authorize controllers instead of doing one end point at the time for admins/other-users?

Best tutorial on the subject, thank you bro

hi, i have a question. can i use jwt as authentication, then i have 2 client which is web and mobile apps. so when user log in in web it will get access token for that web client, and when the same user log in into mbile apps it will get access token for that app client. therefore if 1 of the client is logged out by the user, the other client shouldnt log out. just want to know is this still correct practice. because i have confused with identityserver, AOuth 2.0

thank you so much 🙏

man, you are awesome. Thank you very much for this video. You are a hero that saved me a lot of time!

This was so precisely explained, well done. Thank You so much for this video. I have one question. If I want to make connection to Postgresql database with Visual Studio, what should I do?

any idea, why I am getting below error when I try to access API having [Authorization]?
System.InvalidOperationException: No authenticationScheme was specified, and there was no DefaultChallengeScheme found. The default schemes can be set using either AddAuthentication(string defaultScheme) or AddAuthentication(Action configureOptions).

Awesome Awesome just awesome... Amazing video

there is very important point for UseAuthentication method call. The calling order should be like that for net5 and upper versions,
app.UseAuthentication();
app.UseRouting();
app.UseAuthorization();
Otherwise you will continue to get 401 error due to middleware execution order.

Thank you!

thank you so much for this tutorial!!

Any reason why you didn’t choose .NET 6 since that’s already released and has so much of performance improvements?

Worked perfectly! some detailed explanation about JWT settings might have helped more in understanding internals

Short and to the point, Thanks Julian. I have 1 doubt .what is the significance of creating new instance of UserModel in getCurrentUser method in UserController?

Hey, Can you please help with encrypting and decrypting the JWT? It doesn't seem to work in dotnet.

Great tutorial. Loved it!

Excellent tutorial !!!, my english is basic and i use the automatic provide for youtube translator in spanish and is a really nice, this is because u audio is so god. Thanks :)!

I created an asp.net core mvc web application for individual accounts. I abstracted out EF core, and have all the authorization/2FA, pw reset, email authorization, account lockout... etc, handling in place. I eventually would like to create a mobile application to go with it. I planned on having the user use the website for setting up/editing their account personal details, and password changes/reset. I figure right now is a good place to create the Web API and start configuring now common data access/changes the web app and mobile application will use. What is the best way to approach this, and leave the current authorization/authentication in place for the web application, but have it also authenticate to the web api? Thank you!

you are amazing can you do a vedio on sending requests from a client react app side to the api,i would like to see how it works with jwt,am interested in the logic.Otherwise your tutorial is the best on jwt

I did exactly like you, not missing even a single syntax but keep receiving the "missing of Kid" which is KeyId. Can you help?

Big up brother , its a great tutorial

wow amazing tutorial

Great
I see you added api controller to razor page project.
How can I make use of the 2 controllers in the razor pages ?

Excellent Sir
doubts are cleared now

Hi Julian, tbh, first video that I watched that went straight to the point w/o to many irrelevant informations, great job. Small question, how much of this is relevant for .NET 6 API (Not minimal)

great Tutotial is just that i need, please have a question how pass this auhorization in a method of mvc, i tell you i put the [Authorize] in one method but altougth im autheticated the response is unauthorized please and thanks for your time

where to provide jwt token into code after generate? I seen you do this in postman.

Does this also work when my project type is Web Api and not web application?

excellent!!

great, I love it

Best Video to learn about JWT TOken Authentication and Authorisation
1. Simple explanation
2. Clear command over topic
3. step by step by explanation
4. Working code link

Please for the love of all things good, where can I find the article on this within the microsoft authentication. I would like to read on it for indepth details

Where can i get JWT key value in appsetting.json ?

Great video :)

nice video, thanks for everything :)

What's the difference between using this and identityuser from identity package?

Thank you 😁

What if i am used to asp net core project not api?

Does this also work with .Net 6 ??

Sir kindly describe how to put in cookie and using after the login?