This blog post will explore extracting a JWT token from incoming requests using C#.
We will explore two methods using Minimal APIs, but it's the same process for MVC Controllers.
JSON Web Tokens (JWT) have become famous for securing web applications and APIs. JWTs provide a way to transmit claims between parties securely and are widely used for authentication and authorization purposes.
Table of Contents
Method 1: Getting JWT from Authentication Context
This is the best way because it doesn't rely on the HTTP Headers. It uses the Authentication process instead.
PS.: The Authentication pipeline should be processed at this time.
using Microsoft.AspNetCore.Authentication; app.MapGet("/jwt-token/context", async (HttpContext ctx) => { //get the access token from the HttpContext string token = await ctx.GetTokenAsync("access_token"); return TypedResults.Ok(new { token = token }); }); Get Access Token from Authentication Context
Method 2: Parsing JWT Token from HTTP Headers
To retrieve the JWT token from a request, we need to access the request headers and extract the value of the "Authorization" header.
Here's a second example of how to parse the JWT token from a request:
app.MapGet("/jwt-token/headers", (HttpContext ctx) => { if (ctx.Request.Headers.TryGetValue("Authorization", out var headerAuth)) { var jwtToken = headerAuth.First().Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries)[1]; return Task.FromResult( TypedResults.Ok(new { token = jwtToken }) ); } return Task.FromResult( TypedResults.NotFound(new { message = "jwt not found" }) ); }); Get Access Token from Headers
Source Code
https://github.com/ricardodemauro/Labs.JwtAuthentication
Conclusion
Extracting a JWT token from a request is a fundamental step in securing web applications and APIs.
Remember to handle error scenarios and follow best practices to ensure the security of your application.
Top comments (0)