![]() ![]() Running in debug mode allows you to attach breakpoints to pause execution and step through the application code. You can also start the application in debug mode in VS Code by opening the project root folder in VS Code and pressing F5 or by selecting Debug -> Start Debugging from the top menu. Start the api by running dotnet run from the command line in the project root folder (where the WebApi.csproj file is located), you should see the message Now listening on: Follow the instructions below to test with Postman or hook up with the example Angular application available.Download or clone the tutorial project code from.Running the ASP.NET Core JWT with Refresh Tokens API Locally ![]() NET Core applicationsįor detailed instructions see ASP.NET Core - Setup Development Environment. C# extension for Visual Studio Code - adds support to VS Code for developing.Visual Studio Code - code editor that runs on Windows, Mac and Linux.To develop and run ASP.NET Core applications locally, download and install the following: Tools required to run the ASP.NET Core 3.1 JWT Example Locally Running an Angular 9 app with the ASP.NET Core API.Tools required to develop ASP.NET Core 3.1 applications.The tutorial project is available on GitHub at. For an example api that uses SQLite in development and SQL Server in production see this post. This can be easily switched out to a real db provider when you're ready to work with a database such as SQL Server, Oracle, MySql etc. To keep the api code as simple as possible, it is configured to use the EF Core InMemory database provider which allows Entity Framework Core to create and connect to an in-memory database rather than you having to install a real db server. /users//refresh-tokens - secure route that accepts HTTP GET requests and returns a list of all refresh tokens (active and revoked) of the user with the specified id.If there is no auth token or the token is invalid then a 401 Unauthorized response is returned. /users - secure route that accepts HTTP GET requests and returns a list of all the users in the application if the HTTP Authorization header contains a valid JWT token.If the refresh token is valid and active then it is revoked and can no longer be used to refresh JWT tokens. /users/revoke-token - secure route that accepts HTTP POST requests containing a refresh token either in the body or in a cookie, if both are present the token in the body is used.If the cookie exists and the refresh token is valid then a new JWT authentication token and the user details are returned in the response body, a new refresh token cookie (HTTP Only) is returned in the response headers and the old refresh token is revoked. /users/refresh-token - public route that accepts HTTP POST requests with a refresh token cookie.If the username and password are correct then a JWT authentication token and the user details are returned in the response body, and a refresh token cookie (HTTP Only) is returned in the response headers. /users/authenticate - public route that accepts HTTP POST requests containing a username and password in the body.The example API has the following endpoints/routes to demonstrate authenticating with JWT, refreshing and revoking tokens, and accessing secure routes: In this tutorial we'll go through an example of how to implement JWT (JSON Web Token) authentication with refresh tokens in an ASP.NET Core 3.1 API.įor an extended example that includes email sign up, verification, forgot password and user management (CRUD) functionality see ASP.NET Core 3.1 - Boilerplate API with Email Sign Up, Verification, Authentication & Forgot Password.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |