By name: net-jwt-auth description: Implement JWT authentication and authorization for ASP.NET Core license: MIT compatibility: opencode metadata: audience: .net-developers framework: aspnetcore security: jwt
What I Do
I implement complete JWT authentication:
- JWT token generation
- Token validation
- Refresh token support
- Role-based authorization
- Password hashing
- User claims
When to Use Me
Use this skill when:
- Adding authentication to API
- Implementing JWT tokens
- Setting up authorization
- Securing API endpoints
Authentication Structure
src/{ProjectName}.Infrastructure/Security/
├── Jwt/
│ ├── IJwtTokenGenerator.cs
│ ├── JwtTokenGenerator.cs
│ ├── IJwtTokenValidator.cs
│ └── JwtTokenValidator.cs
├── Password/
│ ├── IPasswordHasher.cs
│ └── PasswordHasher.cs
├── Claims/
│ └── ClaimConstants.cs
└── Extensions/
└── AuthenticationExtensions.cs
src/{ProjectName}.Application/Authentication/
├── Commands/
│ ├── RegisterCommand.cs
│ ├── RegisterCommandHandler.cs
│ ├── LoginCommand.cs
│ └── LoginCommandHandler.cs
├── DTOs/
│ ├── RegisterRequest.cs
│ ├── LoginRequest.cs
│ └── AuthResponse.cs
└── Services/
└── IAuthService.cs
JWT Implementation
Token Generation
public class JwtTokenGenerator : IJwtTokenGenerator
{
private readonly IOptions<JwtSettings> _jwtSettings;
public JwtTokenGenerator(IOptions<JwtSettings> jwtSettings)
{
_jwtSettings = jwtSettings;
}
public string GenerateToken(User user, IList<string> roles)
{
var key = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes(_jwtSettings.Value.Secret));
var credentials = new SigningCredentials(
key, SecurityAlgorithms.HmacSha256);
var claims = new List<Claim>
{
new Claim(JwtRegisteredClaimNames.Sub, user.Id.ToString()),
new Claim(JwtRegisteredClaimNames.Email, user.Email),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString())
};
claims.AddRange(roles.Select(role =>
new Claim(ClaimTypes.Role, role)));
var token = new JwtSecurityToken(
issuer: _jwtSettings.Value.Issuer,
audience: _jwtSettings.Value.Audience,
claims: claims,
expires: DateTime.UtcNow.Add(_jwtSettings.Value.Expiry),
signingCredentials: credentials
);
return new JwtSecurityTokenHandler().WriteToken(token);
}
}
JWT Configuration
{
"JwtSettings": {
"Secret": "your-256-bit-secret-key-here",
"Issuer": "https://yourdomain.com",
"Audience": "https://yourdomain.com",
"Expiry": "01:00:00",
"RefreshTokenExpiry": "07:00:00:00"
}
}
Authorization Policy
builder.Services.AddAuthorization(options =>
{
options.AddPolicy("AdminOnly", policy =>
policy.RequireRole("Admin"));
options.AddPolicy("CanManageProducts", policy =>
policy.RequireClaim("Permission", "ManageProducts"));
});
Security Best Practices
- Use strong secret key (256+ bits)
- Set appropriate token expiration
- Implement refresh token rotation
- Store refresh tokens securely (hashed)
- Use HTTPS in production
- Validate all claims
- Implement rate limiting
- Log authentication events
Example Usage
Implement JWT authentication with:
- User registration
- User login
- Token generation
- Refresh token support
- Role-based authorization
- Password hashing (BCrypt)
I will generate complete JWT authentication implementation.