
In this article, we will discuss how to authenticate an ASP.NET Web API using JSON Web Tokens (JWT). If you are new to JWT, we recommend first reading our previous article, A Basic Introduction to JSON Web Token (JWT), which briefly explains the format. You can also read our article How to secure ASP.NET Web API using Basic Authentication and Token Based Authentication in Web API.

Create a Web API Project

To create a Web API project in Visual Studio, follow these steps:
  • Create New Project ⇒ Project
  • Search for ASP.NET Web Application ⇒ Click Next
  • Enter the application name ⇒ Select your project location

Add the required NuGet packages

To add a NuGet package you can either use Manage NuGet Packages or simply run the command below in the Package Manager Console.

install-package System.IdentityModel.Tokens.Jwt

Create the Secret Key

 // SecretKey holds the Base64-encoded signing key; decode it to the raw bytes used to sign and validate tokens
 var symmetric_Key = Convert.FromBase64String(SecretKey);

 // the handler creates, writes and validates JWTs using that key
 var token_Handler = new JwtSecurityTokenHandler();

You can see that the secret key is generated using this code. The key is randomly generated, which means that each time you run it again it creates a different secret key for you.


Create a Middleware for JWT Authentication

We need a middleware that can generate a JWT and validate it against some required values. To create this middleware we have to write a few classes and methods.

Create a folder named JWTAuth in the application and then add the classes given below, each containing methods that serve a different purpose.

The JwtAuthManager class has two methods, GenerateJWTToken and GetPrincipal.
GenerateJWTToken needs two values, username and expire_in_Minutes. The username is used as the value when initializing a new instance of the System.Security.Claims.Claim class with the specified claim type, and expire_in_Minutes gets or sets the value of the 'expiration' claim.


JwtAuthentication is used to validate the token when a particular user makes a subsequent request with the generated token. The JwtAuthentication class inherits from Attribute and implements IAuthenticationFilter, an interface that declares two methods, AuthenticateAsync and ChallengeAsync.

AuthenticateAsync is invoked first when a request arrives with a token. Its two parameters, context and cancellationToken, are used to read the user's request: context holds the authentication context and cancellationToken holds the token to monitor for cancellation requests.

The ValidateToken method takes two parameters, token and username, and checks whether the requested token is exactly the one issued to that particular user, based on the username. This is where the GetPrincipal method comes into action: GetPrincipal reads the token with the same handler and validates it against the TokenValidationParameters.
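The JwtAuthManager described above, written out as an added example that is not the article's own code (the article's source is on GitHub). It assumes a Base64-encoded 256-bit secret loaded once from a hypothetical JWT_SECRET_BASE64 environment variable, and it validates only signature and lifetime, since this minimal setup sets no issuer or audience.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using Microsoft.IdentityModel.Tokens;

// Hypothetical JwtAuthManager: issues and validates HS256-signed JWTs.
public static class JwtAuthManager
{
    // Assumption: a Base64-encoded 256-bit key loaded once from configuration (variable name is hypothetical).
    // A key regenerated on every process start would invalidate every token issued before the restart.
    private static readonly string SecretKey = Environment.GetEnvironmentVariable("JWT_SECRET_BASE64");

    public static string GenerateJWTToken(string username, int expire_in_Minutes)
    {
        var symmetric_Key = Convert.FromBase64String(SecretKey);
        var token_Handler = new JwtSecurityTokenHandler();
        var descriptor = new SecurityTokenDescriptor
        {
            // the username becomes the Name claim; Expires becomes the 'exp' claim
            Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, username) }),
            Expires = DateTime.UtcNow.AddMinutes(expire_in_Minutes),
            SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(symmetric_Key), SecurityAlgorithms.HmacSha256Signature)
        };
        return token_Handler.WriteToken(token_Handler.CreateToken(descriptor));
    }

    // Returns the validated principal, or null when the format, signature or lifetime is bad.
    public static ClaimsPrincipal GetPrincipal(string token)
    {
        try
        {
            var parameters = new TokenValidationParameters
            {
                IssuerSigningKey = new SymmetricSecurityKey(Convert.FromBase64String(SecretKey)),
                ValidateLifetime = true,
                RequireExpirationTime = true,   // reject tokens that carry no 'exp' claim
                ValidateIssuer = false,         // no issuer/audience in this minimal setup
                ValidateAudience = false
            };
            return new JwtSecurityTokenHandler().ValidateToken(token, parameters, out _);
        }
        catch (Exception) { return null; }      // malformed token, bad signature or expired
    }

    // True only when the token verifies AND its Name claim matches the user who presents it.
    public static bool ValidateToken(string token, string username)
    {
        var name = GetPrincipal(token)?.FindFirst(ClaimTypes.Name)?.Value;
        return name != null && string.Equals(name, username, StringComparison.Ordinal);
    }
}
```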


While validating the token, authentication may fail if the token in the request is not valid. The AuthFailureResult class implements the IHttpActionResult interface, so you have to implement its ExecuteAsync method. ExecuteAsync performs a task that contains the System.Net.Http.HttpResponseMessage when completed.


This is used for authorization; it is passed in the header.

➤ Create a Web API Controller

You need to create two different actions: one to generate a token and send it back to the user, and a second to validate that token and expose the data the user requested. You can have both actions in the same controller or in two separate controllers. It all depends on the requirements of your project.

In our case we created two separate controllers, one for creating a token and another for validating it. Have a look at the code below.

JwtAuthentication – used at the action level to protect the action. The action is only available when the user requests it with a validly issued JWT for that particular user.

Done! We have covered all the requirements of JWT authentication in ASP.NET Web API. Let's test this API in Postman and see how it works.


Step 1: You have to enter a few details before you post them to the server.
  • Enter the URL of the Web API followed by “/RequestToken”, like “http://localhost:port/RequestToken”

Step 2: Once you get the token, you have to follow a few more steps to authenticate with the generated token.
  • Enter the Web API URL followed by “/Values”, like “http://localhost:port/api/Values”
  • Under Headers, enter Authorization as the Key and “Bearer generated-token…” as the Value. Or, select the authorization type Bearer Token and enter the token in the Token field.
WAH! You can see we get our result.

Find the source code at Github.com/CoreProgramm/

In this tutorial we discussed JWT authentication in ASP.NET Web API. If you have any questions related to this topic, please give your feedback.
