In order to handle JWT-based token authentication, we need to properly set up the ASP.NET Core Identity service to ensure that it will handle these tasks:
- Generate a JWT token upon each username/password POST request coming from our clients
- Validate any JWT token coming with HTTP requests by looking at the headers of the request itself
That said, the first thing to do is define the required steps we need to take care of:
-
Add and configure the authentication service in the Startup.cs file.
-
Update the appsettings.json and appsettings.Development.json files to store the required JWT security information (issuer and security key).
-
Create a TokenController that will accept POST requests carrying the user credentials (username and password), validate them, and generate JWT tokens accordingly.
-
Create an Angular LoginComponent with a Model-Driven login form to allow our users to perform the login.
-
Create an Angular AuthService that will handle login/logout and store the JWT token so it can be reused.
-
Find a way to add the JWT Bearer token (if present) to the headers block of each request.
Sounds like a plan...let's do this! It goes without saying that the first three tasks affect the server-side part of our web application and are therefore meant to be done using .NET Core, while the remaining three are mostly related to our client-side Angular app.