by Christof Jans | 2021-05-01

JwtAuthLib is a .NET library to help implement authentication for WebApi projects without using .Net Core identity. As the name implies it uses Jwt bearer tokens.

The implementation of this library relies heavily on this blog post by Rick Strahl (and blatantly steals some code; thanks Rick 😉).


There are 2 main interfaces:


The most important property of JwtConfig is SigningKey (all other properties can be left at their default values). The signing key must be kept secret. If an attacker got a hold of your signing key they could create Jwt tokens and gain access to your site.


In StartUp.cs add the following code in ConfigureServices :

using JwtAuthLib;


You would typically get the jwtConfig from Configuration.

In Configure you need to add :


These calls need to be added after routing and before endpoint setup.

Logging in

In your login controller you need to add the following code :

private readonly IUserAuthenticator userAuthenticator;
private readonly IAuthenticator authenticator;

public string Authenticate(LoginUser loginUser)
    return authenticator.Authenticate(loginUser, userAuthenticator, jwtConfig);

userAuthenticator is an instance of IUserAuthenticator . This is an implementation that you provide to authenticate a username/password. Typically, your implementation would check a database (make sure you don't store passwords in cleartext; properly salting and hashing of passwords is outside the scope of JwtAuthLib).

authenticator is an instance of IAuthenticator. This was set up with DI in ConfigureServices.

The jwtConfig object must be an object with the same property values as the one you passed in to services.AddJwtAuth in ConfigureServices.


Once you have retrieved the Jwt bearer token (by calling the Authenticate method of your login controller) you use it by adding the following header to all you Http calls:

Authorization: Bearer <YourJwtBearerToken>

Example :

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJjaHJpc3RvZiIsImp0aSI6ImRjNjcyNTExLWEyYWYtNDJmNi1hZGVkLTVlN2VmZjE0NTI0NyIsInVzZXJuYW1lIjoiY2hyaXN0b2YiLCJkaXNwbGF5bmFtZSI6ImNocmlzdG9mIiwicm9sZSI6WyJhZG1pbiIsInJvbGUxIl0sImV4cCI6MTYxODc4OTgxMywiaXNzIjoiaHR0cHM6Ly9teXNpdGUuY29tIiwiYXVkIjoiaHR0cHM6Ly9teXNpdGUuY29tIn0.hkHJWUuDUbqH3WKf-N24Bj9JZpcNSi__PQKVFlhbwaI

Don't forget the word Bearer before your token.