Create a solution containing the files shown below.
LoginModel.cs
using System.ComponentModel.DataAnnotations;
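namespace UsingAuthorizationWithSwagger.Models
{
    /// <summary>
    /// Credentials a client submits in the request body to obtain a token.
    /// </summary>
    /// <remarks>
    /// The password is carried in clear text inside this model, so it should only travel
    /// over TLS and should never be written to logs or echoed back in a response.
    /// </remarks>
    public class LoginModel
    {
        // NOTE(review): the validation message says "Email" while the property is a user name;
        // confirm which one the API expects.
        /// <summary>Account name supplied by the client. Required.</summary>
        // Initialised to an empty string so the non-nullable property is never null;
        // [Required] still rejects an empty value, so a missing field fails validation as before.
        [Required(ErrorMessage = "Email Required")]
        public string UserName { get; set; } = string.Empty;

        /// <summary>Clear-text password supplied by the client. Required.</summary>
        [Required(ErrorMessage = "Password Required")]
        public string Password { get; set; } = string.Empty;
    }
}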
Product.cs
namespace UsingAuthorizationWithSwagger.Models
{
    /// <summary>
    /// A catalogue entry: a numeric identifier plus an optional display name.
    /// </summary>
    public class Product
    {
        /// <summary>Numeric identifier of the product.</summary>
        public int Id { get; set; }

        /// <summary>Display name; may be <c>null</c>.</summary>
        public string? Name { get; set; }
    }
}
ProductStore.cs
using UsingAuthorizationWithSwagger.Models;
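namespace UsingAuthorizationWithSwagger.Data
{
    /// <summary>
    /// Hard-coded, in-memory product list that the API reads from.
    /// </summary>
    public static class ProductStore
    {
        // readonly: the array reference is process-wide shared state and is never reassigned.
        private static readonly Product[] products =
        {
            new Product { Id = 1, Name = "Rubber duck" },
            new Product { Id = 2, Name = "Flip flop" },
            new Product { Id = 3, Name = "Magic Wand" },
            new Product { Id = 4, Name = "Glitter pen" }
        };

        /// <summary>Returns every product in the store.</summary>
        /// <returns>A read-only view over the product list.</returns>
        public static IEnumerable<Product> GetProducts()
        {
            // Hand out a read-only wrapper instead of the backing array, so a caller cannot
            // cast the result back to Product[] and replace entries in the shared static data.
            // The Product objects themselves still have public setters and remain mutable.
            return Array.AsReadOnly(products);
        }

        /// <summary>Looks up a single product by its identifier.</summary>
        /// <param name="id">Identifier to search for.</param>
        /// <returns>The first product whose <c>Id</c> equals <paramref name="id"/>, or <c>null</c> when none matches.</returns>
        public static Product? GetProduct(int id)
        {
            return Array.Find(products, product => product.Id == id);
        }
    }
}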
WeatherForecast.cs
namespace UsingAuthorizationWithSwagger
{
    /// <summary>
    /// One forecast entry: a date, a Celsius temperature, a derived Fahrenheit value and a summary.
    /// </summary>
    public class WeatherForecast
    {
        /// <summary>Date the forecast applies to.</summary>
        public DateTime Date { get; set; }

        /// <summary>Temperature in whole degrees Celsius.</summary>
        public int TemperatureC { get; set; }

        /// <summary>
        /// Temperature in Fahrenheit, derived from <see cref="TemperatureC"/>.
        /// The scaled value is truncated toward zero before 32 is added.
        /// </summary>
        public int TemperatureF
        {
            get
            {
                int scaled = (int)(TemperatureC / 0.5556);
                return 32 + scaled;
            }
        }

        /// <summary>Short textual description; may be <c>null</c>.</summary>
        public string? Summary { get; set; }
    }
}
AuthController.cs
using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using UsingAuthorizationWithSwagger.Models;
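namespace UsingAuthorizationWithSwagger.Controllers
{
    /// <summary>
    /// Issues a short-lived, HMAC-SHA256-signed JWT when the submitted credentials match.
    /// </summary>
    /// <remarks>
    /// SECURITY: the account and the signing key below are literals in source. That is only
    /// acceptable for a local demo: anyone who can read the repository or the compiled
    /// assembly can sign tokens this API will accept. In a real service, credentials belong
    /// in a user store holding salted password hashes, and the key in configuration or a
    /// secret store that is not checked in.
    /// </remarks>
    [Route("api/auth")]
    [ApiController]
    public class AuthController : ControllerBase
    {
        /// <summary>Validates the posted credentials and returns a bearer token.</summary>
        /// <param name="model">User name and password from the request body.</param>
        /// <returns>
        /// 200 with <c>{ Token = ... }</c> on success, 400 when no model was bound,
        /// 401 when the credentials do not match.
        /// </returns>
        [HttpPost]
        public IActionResult Login(LoginModel model)
        {
            if (model is null)
            {
                return BadRequest("Invalid client request");
            }

            // Evaluate both fields before deciding (non-short-circuit '&'), so the response
            // does not reveal whether the user name or the password was the wrong one.
            bool userNameMatches = FixedTimeEquals(model.UserName, "johndoe");
            bool passwordMatches = FixedTimeEquals(model.Password, "johndoe2410");
            if (!(userNameMatches & passwordMatches))
            {
                return Unauthorized();
            }

            // SECURITY: this literal must stay identical to the IssuerSigningKey in Program.cs,
            // otherwise issued tokens stop validating. It is 19 bytes (152 bits); RFC 7518
            // requires an HS256 key of at least 256 bits, and some versions of the token
            // library reject shorter keys at signing time.
            var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("superSecretKey@2410"));
            var signinCredentials = new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256);

            var tokenOptions = new JwtSecurityToken(
                issuer: "CodeMaze",
                audience: "https://localhost:5001",
                // No claims are issued, so the token proves a successful login but carries
                // no subject or role that an authorization policy could check.
                claims: new List<Claim>(),
                // UTC avoids any dependence on the server's local time zone or DST changes.
                expires: DateTime.UtcNow.AddMinutes(5),
                signingCredentials: signinCredentials
            );

            var tokenString = new JwtSecurityTokenHandler().WriteToken(tokenOptions);
            return Ok(new { Token = tokenString });
        }

        /// <summary>
        /// Compares two strings by their UTF-8 bytes in time that does not depend on where
        /// they first differ. A <c>null</c> input is treated as the empty string.
        /// </summary>
        private static bool FixedTimeEquals(string? supplied, string expected)
        {
            byte[] suppliedBytes = Encoding.UTF8.GetBytes(supplied ?? string.Empty);
            byte[] expectedBytes = Encoding.UTF8.GetBytes(expected);
            return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(suppliedBytes, expectedBytes);
        }
    }
}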
ProductController.cs
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using UsingAuthorizationWithSwagger.Data;
namespace UsingAuthorizationWithSwagger.Controllers
{
    /// <summary>
    /// Read-only product endpoints under <c>api/product</c>, backed by <see cref="ProductStore"/>.
    /// </summary>
    [Route("api/product")]
    [ApiController]
    public class ProductController : ControllerBase
    {
        /// <summary>Returns the full product list. Requires an authenticated caller.</summary>
        [HttpGet]
        [Authorize]
        public IActionResult GetAllProducts()
        {
            return Ok(ProductStore.GetProducts());
        }

        /// <summary>Returns one product by id, or 404 when the id is unknown.</summary>
        /// <param name="id">Product identifier taken from the route.</param>
        // NOTE(review): unlike GetAllProducts, this action has no [Authorize], so it is
        // reachable without a token and exposes the same records one id at a time.
        // Confirm that this is intentional; if not, protect it the same way as the list.
        [HttpGet("{id}")]
        public IActionResult GetAProduct(int id)
        {
            if (ProductStore.GetProduct(id) is { } match)
            {
                return Ok(match);
            }

            return NotFound();
        }
    }
}
WeatherForecastController.cs
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace UsingAuthorizationWithSwagger.Controllers
{
    /// <summary>
    /// Sample endpoint that returns five randomly generated forecasts to authenticated callers.
    /// </summary>
    [ApiController]
    [Route("[controller]")]
    public class WeatherForecastController : ControllerBase
    {
        // Pool of summary labels; one is picked at random per forecast.
        private static readonly string[] Summaries = new[]
        {
            "Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
        };

        // Injected logger; stored but not used by the action below.
        private readonly ILogger<WeatherForecastController> _logger;

        /// <summary>Creates the controller with the injected logger.</summary>
        public WeatherForecastController(ILogger<WeatherForecastController> logger)
        {
            _logger = logger;
        }

        /// <summary>
        /// Builds forecasts for the next five days with random temperatures and summaries.
        /// Requires an authenticated caller.
        /// </summary>
        /// <returns>An array of five forecasts, for day offsets 1 through 5 from now.</returns>
        [HttpGet(Name = "GetWeatherForecast")]
        [Authorize]
        public IEnumerable<WeatherForecast> Get()
        {
            var forecasts = new WeatherForecast[5];

            for (var dayOffset = 1; dayOffset <= forecasts.Length; dayOffset++)
            {
                // Same evaluation order as an object initializer: date, temperature, summary.
                // Random.Shared is not a cryptographic generator; it only produces sample data here.
                var date = DateTime.Now.AddDays(dayOffset);
                var temperatureC = Random.Shared.Next(-20, 55);
                var summary = Summaries[Random.Shared.Next(Summaries.Length)];

                forecasts[dayOffset - 1] = new WeatherForecast
                {
                    Date = date,
                    TemperatureC = temperatureC,
                    Summary = summary
                };
            }

            return forecasts;
        }
    }
}
appsettings.json
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"AllowedHosts": "*"
}
Program.cs
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models;
using System.Text;
var builder = WebApplication.CreateBuilder(args);
var services = builder.Services;

// Register MVC controllers.
services.AddControllers();

// JWT bearer is both the scheme that authenticates requests and the one that issues challenges.
services
    .AddAuthentication(auth =>
    {
        auth.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        auth.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(jwt =>
    {
        // SECURITY: the signing key is a literal in source and is repeated in AuthController,
        // so anyone who can read the code can sign tokens this API accepts. Outside a local
        // demo, load it from configuration or a secret store, and use at least 256 bits for HS256.
        var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("superSecretKey@2410"));

        // Issuer, audience, lifetime and signature are all checked. ClockSkew is left at the
        // library default (5 minutes), so a token is still accepted for a while after it expires.
        jwt.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = "CodeMaze",
            ValidateAudience = true,
            ValidAudience = "https://localhost:5001",
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = signingKey
        };
    });

services.AddEndpointsApiExplorer();

// Swagger: describe the bearer scheme so the UI can attach a token to requests.
services.AddSwaggerGen(swagger =>
{
    swagger.SwaggerDoc("v1", new OpenApiInfo { Title = "MyAPI", Version = "v1" });

    var bearerDefinition = new OpenApiSecurityScheme
    {
        In = ParameterLocation.Header,
        Description = "Please enter token",
        Name = "Authorization",
        Type = SecuritySchemeType.Http,
        BearerFormat = "JWT",
        Scheme = "bearer"
    };
    swagger.AddSecurityDefinition("Bearer", bearerDefinition);

    // Reference to the definition registered above; the empty scope list is what
    // HTTP bearer schemes use.
    var bearerReference = new OpenApiSecurityScheme
    {
        Reference = new OpenApiReference
        {
            Type = ReferenceType.SecurityScheme,
            Id = "Bearer"
        }
    };
    swagger.AddSecurityRequirement(new OpenApiSecurityRequirement
    {
        { bearerReference, Array.Empty<string>() }
    });
});

var app = builder.Build();

// Developer exception page and Swagger UI are only exposed in the Development environment.
if (app.Environment.IsDevelopment())
{
    app.UseDeveloperExceptionPage();
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.UseHttpsRedirection();
app.UseRouting();

// Order matters: authentication must run before authorization, and both before the endpoints.
app.UseAuthentication();
app.UseAuthorization();

app.UseEndpoints(endpoints => endpoints.MapControllers());

app.Run();

// Makes the implicit Program class public and partial so it can be referenced from other code.
public partial class Program { }