Create Solution like below
LoginModel.cs
using System.ComponentModel.DataAnnotations;
namespace UsingAuthorizationWithSwagger.Models
{
public class LoginModel
{
[Required(ErrorMessage = "Email Required")]
public string UserName { get; set; }
[Required(ErrorMessage = "Password Required")]
public string Password { get; set; }
}
}
Product.cs
namespace UsingAuthorizationWithSwagger.Models
{
public class Product
{
public int Id { get; set; }
public string? Name { get; set; }
}
}
ProductStore.cs
using UsingAuthorizationWithSwagger.Models;
namespace UsingAuthorizationWithSwagger.Data
{
public static class ProductStore
{
private static Product[] products = new Product[]
{
new Product { Id = 1, Name = "Rubber duck"},
new Product { Id = 2, Name = "Flip flop"},
new Product { Id = 3, Name = "Magic Wand"},
new Product { Id = 4, Name = "Glitter pen"}
};
public static IEnumerable<Product> GetProducts()
{
return products;
}
public static Product? GetProduct(int id)
{
foreach (var product in products)
{
if (product.Id == id)
return product;
}
return null;
}
}
}
WeatherForecast.cs
namespace UsingAuthorizationWithSwagger
{
public class WeatherForecast
{
public DateTime Date { get; set; }
public int TemperatureC { get; set; }
public int TemperatureF => 32 + (int)(TemperatureC / 0.5556);
public string? Summary { get; set; }
}
}
AuthController.cs
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using UsingAuthorizationWithSwagger.Models;
namespace UsingAuthorizationWithSwagger.Controllers
{
[Route("api/auth")]
[ApiController]
public class AuthController : ControllerBase
{
[HttpPost]
public IActionResult Login(LoginModel model)
{
if (model == null)
{
return BadRequest("Invalid client request");
}
if (model.UserName == "johndoe" && model.Password == "johndoe2410")
{
var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("superSecretKey@2410"));
var signinCredentials = new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256);
var tokenOptions = new JwtSecurityToken(
issuer: "CodeMaze",
audience: "https://localhost:5001",
claims: new List<Claim>(),
expires: DateTime.Now.AddMinutes(5),
signingCredentials: signinCredentials
);
var tokenString = new JwtSecurityTokenHandler().WriteToken(tokenOptions);
return Ok(new { Token = tokenString });
}
else
{
return Unauthorized();
}
}
}
}
ProductController.cs
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using UsingAuthorizationWithSwagger.Data;
namespace UsingAuthorizationWithSwagger.Controllers
{
[Route("api/product")]
[ApiController]
public class ProductController : ControllerBase
{
[HttpGet, Authorize]
public IActionResult GetAllProducts()
{
var products = ProductStore.GetProducts();
return Ok(products);
}
[HttpGet("{id}")]
public IActionResult GetAProduct(int id)
{
var product = ProductStore.GetProduct(id);
if (product is null)
return NotFound();
return Ok(product);
}
}
}
WeatherForecastController.cs
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace UsingAuthorizationWithSwagger.Controllers
{
[ApiController]
[Route("[controller]")]
public class WeatherForecastController : ControllerBase
{
private static readonly string[] Summaries = new[]
{
"Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
};
private readonly ILogger<WeatherForecastController> _logger;
public WeatherForecastController(ILogger<WeatherForecastController> logger)
{
_logger = logger;
}
[HttpGet(Name = "GetWeatherForecast"),Authorize]
public IEnumerable<WeatherForecast> Get()
{
return Enumerable.Range(1, 5).Select(index => new WeatherForecast
{
Date = DateTime.Now.AddDays(index),
TemperatureC = Random.Shared.Next(-20, 55),
Summary = Summaries[Random.Shared.Next(Summaries.Length)]
})
.ToArray();
}
}
}
appsettings.json
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"AllowedHosts": "*"
}
Program.cs
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models;
using System.Text;
var builder = WebApplication.CreateBuilder(args);
// Add services to the container.
builder.Services.AddControllers();
builder.Services.AddAuthentication(opt =>
{
opt.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
opt.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = "CodeMaze",
ValidAudience = "https://localhost:5001",
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("superSecretKey@2410"))
};
});
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(opt =>
{
opt.SwaggerDoc("v1", new OpenApiInfo { Title = "MyAPI", Version = "v1" });
opt.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
{
In = ParameterLocation.Header,
Description = "Please enter token",
Name = "Authorization",
Type = SecuritySchemeType.Http,
BearerFormat = "JWT",
Scheme = "bearer"
});
opt.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type=ReferenceType.SecurityScheme,
Id="Bearer"
}
},
new string[]{}
}
});
});
var app = builder.Build();
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseSwagger();
app.UseSwaggerUI();
}
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
app.Run();
public partial class Program { }
Run the project and login, then you will get token
Expand "api/auth" , click on "Try it out" , enter login details and click on "Execute" to show output
Copy "Token" and enter in Authorize popup. When click on "Authorize" , it will authorize all application.
