Fuji Nguyen

Summary

This tutorial guides readers through configuring an ASP.NET WebAPI project to secure endpoints using IdentityServer4 for JWT validation.

Abstract

The article is the fourth in a series aimed at developers looking to secure ASP.NET WebAPI projects. It builds upon the previous tutorial, which covered setting up a Secure Token Service (STS). The current tutorial outlines the steps to integrate IdentityServer4 with a WebAPI project to validate JSON Web Tokens (JWT). It includes prerequisites such as Visual Studio 2019 and a Git client, and is divided into two main parts: downloading the WebAPI EmployeeProfile source code from GitHub and running it on localhost, and setting up and configuring WebAPI security. The tutorial emphasizes the importance of using the recommended folder structure for ease of reference in future tutorials. It also demonstrates how to require a valid JWT for accessing WebAPI endpoints by using the [Authorize] attribute. The article concludes with a summary and links to related tutorials for further learning.

Opinions

  • The author suggests that it is highly recommended to follow the specified folder naming convention for consistency and ease of reference in subsequent tutorials.
  • The tutorial implies that using Visual Studio's Start button or pressing F5 is the preferred method for running the solution.
  • The article conveys the opinion that the [Authorize] attribute is a key component in ensuring that only requests with valid JWT tokens can access the WebAPI.
  • By providing a link to a related tutorial on rapid prototyping with Asp.Net Core REST API, the author indicates the value of using templates and patterns like Clean Architecture, Repository Pattern, Unit of Work, Dapper, SQLKata, and Swagger for efficient development.

WebAPI JWT validation against IdentityServer4 | Tutorial 4

Photo by Jason Hafso on Unsplash

In the previous tutorial (Tutorial 3), you learned how to set up the Secure Token Service (STS). In this tutorial (Tutorial 4), you will learn how to configure an ASP.NET WebAPI project to work with IdentityServer4 so that its endpoints are secured. In Tutorial 5, you will learn to set up an Angular SPA that calls the secured WebAPI. See Figure 1 for the relationship between Tutorials 3, 4, and 5.

Figure 1 — Tutorial Outline

Prerequisites

  1. Visual Studio 2019 (community edition is ok)
  2. Git client

Tutorial Content

This tutorial has two parts:

  1. Download the WebAPI EmployeeProfile source code from GitHub and run the project on localhost
  2. Set up and configure WebAPI security

Part 1 — Download the WebAPI EmployeeProfile source code from GitHub and run the project on localhost

Task 1 — Download source code

To download the source code, follow the steps below:

  1. Create the folder C:\apps\devkit\ApiResources
  2. Open a command prompt and change to the directory C:\apps\devkit\ApiResources
  3. Run “git clone https://github.com/workcontrolgit/devkit-apiresources-employeeprofileapi EmployeeProfileAPI” (this command downloads the source code from GitHub and saves it into the folder C:\apps\devkit\ApiResources\EmployeeProfileAPI)

See Figure 2 for a screenshot of the source code location and content in the folder C:\apps\devkit\ApiResources\EmployeeProfileAPI. It is highly recommended that you use the same folder naming convention to make it easy to reference the location of the source code in future tutorials.

Figure 2 — Source Code folder

Task 2 — Run the EmployeeProfileAPI solution in Visual Studio

The EmployeeProfileAPI solution contains two projects, EmployeeProfileAPI and EmployeeProfileAPI.Test, as shown in Figure 3.

Figure 3 — EmployeeProfileAPI solution

To run the EmployeeProfileAPI solution in Visual Studio, follow the steps below:

  1. Start Visual Studio and open EmployeeProfileAPI.sln from the C:\apps\devkit\ApiResources\EmployeeProfileAPI folder
  2. Click the Start button on the menu bar to run the solution (or press the F5 key)

You should see an instance of EmployeeProfileAPI running on port 44321 as shown in Figure 4.

Figure 4 — EmployeeProfile WebAPI

Part 2 — Set up and configure WebAPI security

You can find the block of code that validates the token in RegisterIdentityServerAuthentication.cs, as shown in Figure 5.

Figure 5 — Integration with IdentityServer4

A WebAPI request that carries a valid JWT can access the WebAPI. To require a valid JWT, add the [Authorize] attribute to the controller as shown in Figure 6.

Figure 6 — Use Authorize attribute to require valid JWT
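Figures 5 and 6 are screenshots, so the following is an added sketch of the same two steps, not the project's own RegisterIdentityServerAuthentication.cs. It assumes ASP.NET Core 3.1 with the Microsoft.AspNetCore.Authentication.JwtBearer package; the configuration keys Sts:Authority and Sts:ApiName and the EmployeesController are hypothetical names chosen for illustration.

```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // Assumed keys: the STS base URL and this API's resource name.
                // Signing keys come from {Authority}/.well-known/openid-configuration.
                options.Authority = _config["Sts:Authority"];
                options.Audience = _config["Sts:ApiName"];
                options.RequireHttpsMetadata = true; // never fetch keys over plain HTTP
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,           // token must be issued by the STS
                    ValidateAudience = true,         // token must be minted for this API
                    ValidateLifetime = true,         // reject expired tokens
                    ValidateIssuerSigningKey = true  // signature must match a published key
                };
            });
        services.AddControllers();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication(); // must precede UseAuthorization, or [Authorize] sees no user
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}

[Authorize] // every action requires a validated bearer token; otherwise 401
[ApiController]
[Route("api/[controller]")]
public class EmployeesController : ControllerBase // hypothetical controller
{
    [HttpGet]
    public IActionResult Get() => Ok(new[] { "constructed sample row" });
}
```

A quick check after wiring this up: call the endpoint without an Authorization header and confirm the response is 401 with a WWW-Authenticate: Bearer header, then repeat with a token issued by the STS.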

Related Tutorials

Rapid Prototype Asp.Net Core REST API using KissApi Template — use Visual Studio template to generate Clean Architecture solution based on Repository Pattern, Unit of Work, Dapper, SQLKata, and Swagger.

Summary

This tutorial provides step-by-step instructions to set up and configure an ASP.NET WebAPI project to work with IdentityServer4. To view all other related tutorials, visit DevKit WebAPI Security.