1. Dan Harrel
  2. SnapDevelop
  3. Thursday, 4 February 2021 21:51 PM UTC

Are there any samples or guidance for securing an ASP.NET Core 3.1 Web API as templated by SnapDevelop?

For example, I am working from the following fine sample:

ASP.NET Core 3.1 - Simple API for Authentication, Registration and User Management | Jason Watmore's Blog

I have written C# code to log on to this fellow's sample web service and call secured APIs passing the JWT token. I now want to adapt his code to similarly secure my Web API. This code is quite complicated, particularly for a newer developer in these technologies. In particular, the "Startup.cs" file does not jibe exactly with the template created by SnapDevelop.

Suggestions, guidance, and samples are welcome and appreciated!

 

Accepted Answer
Armeen Mazda @Appeon
  1. Thursday, 4 February 2021 22:06 PM UTC
  2. SnapDevelop

Hi Dan, SnapDevelop is pure standard C# so you could secure your REST APIs any way you find through Google. We have a very simple tutorial to add a basic JWT token, which I would recommend you use as a starting point before going on to learn more complex security implementations. But really, you have a blank canvas and can do anything you want. If your REST API is being called by PowerBuilder, then both OAuth and JWT are supported.

Best regards,
Armeen

Comment
Thanks, Logan. That referral did the trick.



May I suggest Appeon enhances the excellent tutorial to cover this subject as well? I think this would be helpful to new Web API developers like myself:



1) I updated the following code from UserService.cs to encode the user ID value in addition to Name and Role:

    Subject = new ClaimsIdentity(new Claim[]
    {
        new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
        new Claim(ClaimTypes.Name, user.UserName),
        new Claim(ClaimTypes.Role, user.Role)
    }),



2) I then updated the SampleController.cs code to extract all 3 Claim items:

    using System.Security.Claims;
    ...
    public ActionResult<IEnumerable<string>> Load()
    {
        // Extract the ID, Name and Role information (that was encoded into the JWT token)
        string idString = User.FindFirstValue(ClaimTypes.NameIdentifier);
        string name = User.FindFirstValue(ClaimTypes.Name);
        string role = User.FindFirstValue(ClaimTypes.Role);

        return new string[] { "value1", "value2" };
    }



----

Regarding Armeen's comment on namespace naming - thanks for your continued attention. I thought the sample code was off on namespace naming when I did the tutorial originally. Now it looks OK. Either it was changed, or I was wrong.
  1. Dan Harrel
  2. Monday, 8 February 2021 17:23 PM UTC
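The two steps in the comment above as one round trip, in an added example that is not code from this thread, the Appeon tutorial or the SnapDevelop template: the token is issued with the three claims, validated, and only then read, with the user ID parsed defensively and a corrupted signature rejected. It assumes the System.IdentityModel.Tokens.Jwt NuGet package; the class name, secret and sample user are constructed for illustration.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;
public static class JwtClaimsRoundTrip
{
    // Constructed demo secret; a real service loads its key from configuration or a secret store.
    static readonly SymmetricSecurityKey Key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("constructed-demo-key-0123456789abcdef"));
    // Issues a token carrying the same three claims as the UserService.cs change.
    public static string Issue(int userId, string userName, string role)
    {
        var handler = new JwtSecurityTokenHandler();
        return handler.WriteToken(handler.CreateToken(new SecurityTokenDescriptor
        {
            Subject = new ClaimsIdentity(new[]
            {
                new Claim(ClaimTypes.NameIdentifier, userId.ToString()),
                new Claim(ClaimTypes.Name, userName),
                new Claim(ClaimTypes.Role, role)
            }),
            Expires = DateTime.UtcNow.AddMinutes(15),
            SigningCredentials = new SigningCredentials(Key, SecurityAlgorithms.HmacSha256Signature)
        }));
    }
    // Validates signature and lifetime, then reads the claims; returns null if anything fails.
    public static (int Id, string Name, string Role)? ReadUser(string token)
    {
        var parameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true, IssuerSigningKey = Key,
            ValidateIssuer = false, ValidateAudience = false // demo token sets no issuer or audience
        };
        try
        {
            var user = new JwtSecurityTokenHandler().ValidateToken(token, parameters, out _);
            if (!int.TryParse(user.FindFirst(ClaimTypes.NameIdentifier)?.Value, out int id)) return null;
            return (id, user.FindFirst(ClaimTypes.Name)?.Value, user.FindFirst(ClaimTypes.Role)?.Value);
        }
        catch (Exception ex) when (ex is SecurityTokenException || ex is ArgumentException) { return null; }
    }
    public static void Main()
    {
        string[] parts = Issue(42, "dan", "Admin").Split('.'); // constructed sample user
        Console.WriteLine(ReadUser(string.Join(".", parts))?.ToString() ?? "rejected");
        parts[2] = (parts[2][0] == 'A' ? "B" : "A") + parts[2].Substring(1); // corrupt the signature
        Console.WriteLine(ReadUser(string.Join(".", parts))?.ToString() ?? "rejected");
    }
}
```

The lookups by `ClaimTypes` work because `JwtSecurityTokenHandler` maps the short JWT claim names back to the `ClaimTypes` URIs by default; if that inbound mapping is cleared, the claims arrive as `nameid`, `unique_name` and `role` instead.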
Thanks for your venerable suggestion, Dan! We will try to mention this subject in this JWT tutorial.

Regards, Logan
  1. Logan Liu @Appeon
  2. Tuesday, 9 February 2021 03:39 AM UTC
You are very welcome, and thank you!
  1. Dan Harrel
  2. Tuesday, 9 February 2021 14:39 PM UTC