Bearer Token Authentication in ASP.NET Core

For .NET Core 3.0 you would need:

In ConfigureServices(IServiceCollection services):

services.AddAuthentication()
    .AddJwtBearer(options =>
    {
        options.Authority = issuer;
        options.Audience  = audience;
        options.TokenValidationParameters = tokenValidationParameters;
    });

In Configure(IApplicationBuilder app, IWebHostEnvironment env):

// Add it after app.UseRouting() and before app.UseEndpoints()! 
// Order of middlewares is important!
app.UseAuthentication();
app.UseAuthorization();

PS: To omit authentication scheme indication in [Authorize] attribute you could set the default authentication scheme in ConfigureServices(IServiceCollection services) in AuthenticationOptions options:

services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
});

In ASP.NET Core, the order of the middleware matters: they are executed in the same order as they are registered. Here, app.UseMvc() is called before the JWT bearer middleware, so this can't work.

Put app.UseMvc() at the end of your pipeline and it should work:

app.UseJwtBearerAuthentication(new JwtBearerOptions
{
    AutomaticAuthenticate = true,
    AutomaticChallenge = true,
    TokenValidationParameters = tokenValidationParameters,
    AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme,
});

app.UseMvc();

Bearer Token Authentication in ASP.NET Core

Tags:

C#

Asp.Net Core

Related

Recent Posts