In the second part on JWT Tokens we will implement basic user authentication in a REST app based on ASP.NET Web API 2.
In the first part we learnt about the JWT structure and how tokens work. In the following examples we will use RSA (an asymmetric algorithm) for signing and Unity as a dependency injection container.
JWT Token example
To create, sign and validate tokens you can use an existing library provided by Microsoft: System.IdentityModel.Tokens.Jwt. You can download it directly through NuGet.

The architecture of our app
MembershipProvider
First we create a new class (MembershipProvider), which is responsible for retrieving the user's claims and validating the user.
    using System.Collections.Generic;
    using System.Security.Claims;
    using Zaven.Practices.Auth.JWT.Providers.Interfaces;
    ...
    public class MembershipProvider : IMembershipProvider
    {
        // Demo stub: returns fixed claims instead of querying a user store.
        public List<Claim> GetUserClaims(string username)
        {
            List<Claim> claims = new List<Claim>();
            claims.Add(new Claim(ClaimTypes.Role, "Admin"));
            claims.Add(new Claim(ClaimTypes.Email, "admin93@gmail.com"));
            return claims;
        }

        // Demo stub: hard-coded credentials, for this example only.
        public bool VerifyUserPassword(string username, string password)
        {
            if (username == "admin93" && password == "password")
                return true;
            return false;
        }
    }
RSAKeyProvider
RSAKeyProvider is responsible for providing the RSA key used to sign and verify the JWT Token. In our example the RSA key is read from a file in our repository, but in a real-world scenario it should be kept in a safe place somewhere else.
    using System;
    using System.Diagnostics;
    using System.IO;
    using System.Threading.Tasks;
    using System.Security.Cryptography;
    using Zaven.Practices.Auth.JWT.Providers.Interfaces;
    ...
    public class RSAKeyProvider : IRSAKeyProvider
    {
        private string rsaKeyPath;

        public RSAKeyProvider()
        {
            rsaKeyPath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, @"RsaKeys\RsaUserKey.txt");
        }

        // Returns the stored key pair as XML; generates and stores a new one if none exists.
        public async Task<string> GetPrivateAndPublicKeyAsync()
        {
            string result = await ReadPrivateAndPublicKeyAsync();
            if (string.IsNullOrEmpty(result))
            {
                string key = CreatePrivateAndPublicKey();
                Boolean isInserted = await InsertPrivateAndPublicKeyAsync(key);
                if (isInserted)
                    result = key;
            }
            return result;
        }

        // Generates a 2048-bit RSA key pair and exports it (private part included) as XML.
        private string CreatePrivateAndPublicKey()
        {
            using (RSACryptoServiceProvider myRSA = new RSACryptoServiceProvider(2048))
            {
                string publicAndPrivateKey = myRSA.ToXmlString(true);
                return publicAndPrivateKey;
            }
        }

        // Writes the key XML to the key file; returns false if the write fails.
        private async Task<bool> InsertPrivateAndPublicKeyAsync(string key)
        {
            Boolean result = false;
            try
            {
                using (StreamWriter fileStream = new StreamWriter(rsaKeyPath))
                {
                    await fileStream.WriteLineAsync(key);
                    result = true;
                }
            }
            catch (Exception ex)
            {
                Debug.WriteLine(ex.Message);
                result = false;
            }
            return result;
        }

        // Reads the key XML from the key file; returns null if the file cannot be read.
        private async Task<string> ReadPrivateAndPublicKeyAsync()
        {
            String result = null;
            try
            {
                using (StreamReader fileStream = new StreamReader(rsaKeyPath))
                {
                    result = await fileStream.ReadToEndAsync();
                }
            }
            catch (Exception ex)
            {
                Debug.WriteLine(ex.Message);
            }
            return result;
        }
    }
The RSA key is generated in the CreatePrivateAndPublicKey() method using the existing RSACryptoServiceProvider class. The ToXmlString(true) method exports both the public and the private key, while ToXmlString(false) exports only the public one.
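The difference between the two exports matters for key distribution: only the token issuer needs the ToXmlString(true) output, while a service that merely validates tokens can be given the ToXmlString(false) output. The following is an added example, not code from the original post; the class name KeySplitDemo and the sample signing input are constructed, and it assumes .NET Framework 4.6 or later for the SignData/VerifyData overloads used.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class KeySplitDemo
{
    public static void Main()
    {
        string fullKeyXml, publicKeyXml;
        using (var rsa = new RSACryptoServiceProvider(2048))
        {
            fullKeyXml = rsa.ToXmlString(true);    // includes private parameters (P, Q, D, ...)
            publicKeyXml = rsa.ToXmlString(false); // Modulus and Exponent only
        }
        Console.WriteLine("full export has <D>:   " + fullKeyXml.Contains("<D>"));
        Console.WriteLine("public export has <D>: " + publicKeyXml.Contains("<D>"));

        // Constructed sample standing in for "base64url(header).base64url(payload)".
        byte[] signingInput = Encoding.ASCII.GetBytes("constructed-header.constructed-payload");

        // Issuer side: needs the full key pair to produce an RS256-style signature.
        byte[] signature;
        using (var issuer = new RSACryptoServiceProvider())
        {
            issuer.FromXmlString(fullKeyXml);
            signature = issuer.SignData(signingInput, HashAlgorithmName.SHA256,
                                        RSASignaturePadding.Pkcs1);
        }

        // Validator side: the public export is enough to verify, and cannot sign.
        using (var verifier = new RSACryptoServiceProvider())
        {
            verifier.FromXmlString(publicKeyXml);
            Console.WriteLine("verifier is public-only: " + verifier.PublicOnly);

            bool valid = verifier.VerifyData(signingInput, signature,
                                             HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("untampered input verifies: " + valid);

            // Any change to the signed bytes must invalidate the signature.
            byte[] tampered = (byte[])signingInput.Clone();
            tampered[0] ^= 0x01;
            bool tamperedValid = verifier.VerifyData(tampered, signature,
                                                     HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("tampered input verifies:   " + tamperedValid);
        }
    }
}
```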
In the next part we’ll move on to AuthService. This is the most important element of the application because it’s responsible for creating, signing and verifying the incoming JWT token.