JWT Token Authentication Example with .NET 5

In this article, we will know about JWT Token Authentication and how to create JWT Token-based Web API in .NET 5 or .NET Core.

What is JWT Token Authentication?

As per JWT.io – “JSON Web Tokens are an open, industry-standard RFC 7519 method for representing claims securely between two parties.

JWT stands for JSON Web Tokens. It is a Token-based authentication to communicate with the REST endpoints in a secure way. It is a JSON-based token, so you can store a good amount of data within it.

How does JWT Token based Authentication work?

You can understand the JWT Token Authentication process in the below steps.

  • Provide Login credentials (User Name and Password) to authenticate for the first time.
  • The server receives the credentials and checks the information in the data source.
  • On successful authentication, with the help of JWT libraries, the server creates a JSON-based Web Token.
  • For the subsequent communication with the server, the client sends that token instead of User Name and Password. The client adds a JWT token in Header. The syntax is Bearer<space><JWT Token>
  • The server receives the JWT Token and validates the same before allowing the user to further actions.
  • JWT Token has an expiry time. After logout, the JWT token gets flushed.

How to implement JWT Token-Based Authentication in .NET Core?

So, after understanding the concept of JWT Token, let’s implement this in .NET 5-based Web API.

First, create an ASP.NET Core Web API in Visual Studio 2019.

Next, add a controller and name it the DashboardController file. Decorate this controller class with Authorize attribute.

Remove all the code except the first Get() method.

Now, add one Action called Authenticate, as shown in the below code snippet.

Create a Users class as well which has 2 properties UserName and Password.

namespace DotNetCoreAPIAuthTest.Controllers
    public class DashboardController : ControllerBase
        private readonly IJWTTokenAuth jWTTokenAuth;
        public DashboardController(IJWTTokenAuth jWTTokenAuth)
            this.jWTTokenAuth = jWTTokenAuth;
        // GET: api/<DashboardController>
        public IEnumerable<string> Get()
            return new string[] { "value1", "value2" };

        public IActionResult Authenticate([FromBody] Users usrs)
            var jwtToken = jWTTokenAuth.Authenticate(usrs.UserName, usrs.Password);
            if (jwtToken == null)
                return Unauthorized();
                return Ok(jwtToken);

        public class Users
            public string UserName { get; set; }
            public string Password { get; set; }


Add AllowAnonymous attribute to Authenticate action.

Next, Create an Interface

namespace DotNetCoreAPIAuthTest
    public interface IJWTTokenAuth
        string Authenticate(string username, string password);

Create a class and inherit it from the above Interface.

namespace DotNetCoreAPIAuthTest
    public class JWTToeknAuth : IJWTTokenAuth
        private readonly string key;
        public JWTToeknAuth(string key)
            this.key = key;
        public string Authenticate(string username, string password)
            if (username == "test" && password == "12345")
                string issuer = "API URL";
                string audience = "API URL";
                var tokenKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("MyConfidentialKey"));
                var signingCredentials = new SigningCredentials(tokenKey, SecurityAlgorithms.HmacSha256);
                var token = new JwtSecurityToken(issuer, audience, expires: DateTime.Now.AddMinutes(30), signingCredentials: signingCredentials);
                return new JwtSecurityTokenHandler().WriteToken(token);

                return null;

Go to Startup.cs file and in Configure() method add middleware to the request pipeline.


Now, in ConfigureServices() method of Startup.cs file, you need to do some addition.

Register your Authentication class using AddSingleton()

services.AddSingleton<IJWTTokenAuth>(new JWTToeknAuth("MyConfidentialKey"));

The complete code of ConfigureServices() will look like this –

 public void ConfigureServices(IServiceCollection services)
            .AddJwtBearer(x =>
                var serverSecret = new SymmetricSecurityKey(Encoding.ASCII.GetBytes("MyConfidentialKey"));
                x.TokenValidationParameters = new TokenValidationParameters
                    IssuerSigningKey = serverSecret,
                    ValidIssuer = "API URL",
                    ValidAudience = "API URL"
            services.AddSingleton<IJWTTokenAuth>(new JWTToeknAuth("MyConfidentialKey"));

Let’s test our API in POSTMAN.

Open POSTMAN and hit Authenticate action and you will see a Token on your screen.

Next, hit Get action of Dashboard Controller and add Authorization in the header section and set the Value like this – Bearer<space><JWT Token>

You should see the desired result.

Hope you understand the concept of JWT Token-based authentication.

If you have any feedback, please write it down in the comment box below.

Please share this article among your tech group and please do like our Facebook page to join us and get the latest updates.

You may subscribe to the YouTube channel for the latest videos on Programming, Azure and .NET Core, and Cloud Technologies.

You may read this article – ASP.Net Core Interview Questions and Answers

Please follow and like us:

Leave a Comment