6666666 asked ZhiLv-MSFT answered

The auth is not working in .net core web api?

I created a project and in startup.cs added app.UseAuthentication(); and app.UseAuthorization();

and services.AddAuthentication().AddJwtBearer();

In the login controller I create the token, but when I use the token I still get 401 not authorized. Why?

ZhiLv-MSFT answered

Hi @6666666,

To implement JWT authentication in a Core application, you could refer to the following steps:

  1. Install the "Microsoft.AspNetCore.Authentication.JwtBearer" package via NuGet.

  2. In the API application startup.cs file, configure the authentication schema with JWT bearer options.

         // Requires the following references:
         // using Microsoft.AspNetCore.Authentication.JwtBearer;
         // using Microsoft.IdentityModel.Tokens;
         // using System.Text;
         // This method gets called by the runtime. Use this method to add services to the container.
         public void ConfigureServices(IServiceCollection services)
         {
             services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                 .AddJwtBearer(options =>
                 {
                     options.TokenValidationParameters = new TokenValidationParameters
                     {
                         ValidateIssuer = true,
                         ValidateAudience = true,
                         ValidateLifetime = true,
                         ValidateIssuerSigningKey = true,
                         ValidIssuer = Configuration["Jwt:Issuer"],
                         ValidAudience = Configuration["Jwt:Issuer"],
                         IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt:Key"]))
                     };
                 });
             services.AddControllers();
             services.AddSwaggerGen(c =>
             {
                 c.SwaggerDoc("v1", new OpenApiInfo { Title = "APIApplication", Version = "v1" });
             });
         }
         // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
         public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
         {
             if (env.IsDevelopment())
             {
                 app.UseDeveloperExceptionPage();
                 app.UseSwagger();
                 app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "APIApplication v1"));
             }
             // Keep the middleware order: routing, then authentication, then authorization, then endpoints.
             app.UseRouting();
             app.UseAuthentication();
             app.UseAuthorization();
             app.UseEndpoints(endpoints => endpoints.MapControllers());
         }

  3. Store the JWT values (such as issuer, audience, signing key) in the appsettings.json file.

         "Jwt": {
             "Key": "ThisismySecretKey",
             "Issuer": ""
         }

  4. Generate the JSON Web Token: create a Login controller and, after validating the user, generate the JWT token.

         // Requires the following references:
         // using System;
         // using Microsoft.AspNetCore.Mvc;
         // using Microsoft.Extensions.Configuration;
         // using Microsoft.AspNetCore.Authorization;
         // using APIApplication.Models;
         // using Microsoft.IdentityModel.Tokens;
         // using System.IdentityModel.Tokens.Jwt;
         // using System.Text;
         [Route("api/[controller]")]
         [ApiController]
         public class LoginController : ControllerBase
         {
             private IConfiguration _config;
             public LoginController(IConfiguration config)
             {
                 _config = config;
             }
             [AllowAnonymous]
             [HttpPost]
             public IActionResult Login([FromBody] UserModel login)
             {
                 IActionResult response = Unauthorized();
                 var user = AuthenticateUser(login);
                 if (user != null)
                 {
                     var tokenString = GenerateJSONWebToken(user);
                     response = Ok(new { token = tokenString });
                 }
                 return response;
             }
             private string GenerateJSONWebToken(UserModel userInfo)
             {
                 var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"]));
                 var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);
                 // The audience must equal the ValidAudience configured in Startup (also Jwt:Issuer).
                 var token = new JwtSecurityToken(_config["Jwt:Issuer"],
                   _config["Jwt:Issuer"],
                   null,
                   expires: DateTime.Now.AddMinutes(120),
                   signingCredentials: credentials);
                 return new JwtSecurityTokenHandler().WriteToken(token);
             }
             private UserModel AuthenticateUser(UserModel login)
             {
                 UserModel user = null;
                 //Validate the User Credentials
                 //Demo Purpose, I have Passed HardCoded User Information
                 if (login.Username == "Jignesh")
                 {
                     user = new UserModel { Username = "Jignesh Trivedi", EmailAddress = "" };
                 }
                 return user;
             }
         }

     The UserModel model is as below:

         public class UserModel
         {
             public string Username { get; set; }
             public string EmailAddress { get; set; }
         }

  5. To apply the JWT authentication, add the [Authorize] attribute at the header of the action method.

         [Route("api/[controller]")]
         [ApiController]
         public class ToDoController : ControllerBase
         {
             // GET: api/<ToDoController>
             [HttpGet]
             [Authorize]   // requires using Microsoft.AspNetCore.Authorization;
             public IEnumerable<string> Get() => new string[] { "value1", "value2" };
         }

Then, use Postman to check it. The result is as below: when we access the ToDoController without a JWT token, we get a 401 (UnAuthorizedAccess) HTTP status code as the response. After calling the LoginController and getting the JWT token, we can add it to the HTTP header, and then we can access the action successfully.

Besides, if you want to access the API with HttpClient, you can refer to the following sample code to add the JWT token to the request header.

             // Requires: using System.Net.Http; using System.Net.Http.Headers; using System.Text;
             HttpClient client = new HttpClient();
             client.BaseAddress = new Uri("https://localhost:44310/api/todo/");
             client.DefaultRequestHeaders
                     .Accept
                     .Add(new MediaTypeWithQualityHeaderValue("application/json"));//ACCEPT header

             var url = "relativeAddress"; //add the `[Route("relativeAddress")]` in the API action method.
             HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, url);

             //add jwt token to the header
             var authString = "jwt token";
             request.Headers.Add("Authorization", $"Bearer {authString}");
             request.Content = new StringContent("{\"name\":\"John Doe\",\"age\":33}",
                                                 Encoding.UTF8,
                                                 "application/json");//CONTENT-TYPE header
             _logger.LogInformation("Create http request");
             // Await the response directly so that failures surface as exceptions.
             var response = await client.SendAsync(request);
             Console.WriteLine("Response: {0}", response);
             var Content = await response.Content.ReadAsStringAsync();


Best regards,
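
Added example, not part of ZhiLv-MSFT's answer: a console check that issues a token the way GenerateJSONWebToken does and runs it through the same TokenValidationParameters outside the HTTP pipeline, so the exception type shows which check (issuer, audience, lifetime, signing key) would turn into the 401. The issuer and key values and the names JwtDiagnostics, Issue and Explain are constructed for illustration; it assumes the System.IdentityModel.Tokens.Jwt package.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public static class JwtDiagnostics
{
    // Constructed sample values; in the answer they come from the "Jwt" section of appsettings.json.
    const string Issuer = "https://issuer.example";
    // HS256 requires a key of at least 256 bits (RFC 7518, section 3.2), so this sample is 32+ bytes.
    const string Key = "constructed-sample-key-0123456789abcdef";
    static SymmetricSecurityKey SigningKey(string key) =>
        new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key));

    // Builds a token with the same constructor the answer's GenerateJSONWebToken uses.
    public static string Issue(string issuer, string audience, string key, DateTime expires) =>
        new JwtSecurityTokenHandler().WriteToken(new JwtSecurityToken(
            issuer: issuer, audience: audience, expires: expires,
            signingCredentials: new SigningCredentials(SigningKey(key), SecurityAlgorithms.HmacSha256)));

    // Applies the same checks as the AddJwtBearer options; returns "valid" or the failing exception type.
    public static string Explain(string token)
    {
        var parameters = new TokenValidationParameters
        {
            ValidateIssuer = true, ValidateAudience = true,
            ValidateLifetime = true, ValidateIssuerSigningKey = true,
            ValidIssuer = Issuer, ValidAudience = Issuer,
            IssuerSigningKey = SigningKey(Key)
        };
        try
        {
            new JwtSecurityTokenHandler().ValidateToken(token, parameters, out _);
            return "valid";
        }
        catch (SecurityTokenException ex)
        {
            return ex.GetType().Name;   // e.g. SecurityTokenInvalidAudienceException
        }
    }

    public static void Main()
    {
        var later = DateTime.UtcNow.AddMinutes(120);
        Console.WriteLine(Explain(Issue(Issuer, Issuer, Key, later)));            // issuer, audience and key match
        Console.WriteLine(Explain(Issue(Issuer, "other-audience", Key, later))); // audience differs from ValidAudience
        Console.WriteLine(Explain(Issue(Issuer, Issuer, Key + "x", later)));      // signed with a different key
        Console.WriteLine(Explain(Issue(Issuer, Issuer, Key, DateTime.UtcNow.AddMinutes(-10)))); // already expired
    }
}
```

Pasting the token returned by the real Login action into Explain, with Issuer and Key set to the API's own configuration values, reports the same validation failure the bearer middleware hits.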

AgaveJoe answered 6666666 commented

The 2nd URL is for Core 3. Is there anything new?


I did as it says but it still does not work, and I do not know what is wrong.
