{"id":9,"date":"2025-06-19T11:00:56","date_gmt":"2025-06-19T11:00:56","guid":{"rendered":"https:\/\/blog.vigplanet.com\/?p=9"},"modified":"2025-09-08T04:25:31","modified_gmt":"2025-09-08T04:25:31","slug":"how-to-generate-and-use-jwt-bearer-tokens-in-net-core-api","status":"publish","type":"post","link":"https:\/\/blog.vigplanet.com\/?p=9","title":{"rendered":"How to Generate and Use JWT Bearer Tokens in .NET Core API"},"content":{"rendered":"\n<p><strong>Updated on:<\/strong> June 9, 2025<\/p>\n\n\n\n<p>Securing your API with JWT (JSON Web Tokens) is a powerful and modern way to authenticate and authorize users. In this blog post, we\u2019ll explore how to generate a JWT Bearer token in .NET Core, set it in headers, and validate it.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udd27 Prerequisites<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Visual Studio or VS Code<\/li>\n\n\n\n<li>.NET Core SDK installed<\/li>\n\n\n\n<li>NuGet Package: <code>System.IdentityModel.Tokens.Jwt<\/code><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83e\uddf1 Step 1: Install JWT Package<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>Install-Package System.IdentityModel.Tokens.Jwt<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udee1\ufe0f Step 2: Create Token Generator<\/h2>\n\n\n\n<p>Create a helper class to generate the token:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>public class JwtHelper\n{\n    private readonly string _key = \"YourSecretKey@123\";\n\n    public string GenerateToken(string username)\n    {\n        var tokenHandler = new JwtSecurityTokenHandler();\n        var key = Encoding.ASCII.GetBytes(_key);\n\n        var tokenDescriptor = new SecurityTokenDescriptor\n        {\n            Subject = new ClaimsIdentity(new&#91;] {\n                new Claim(ClaimTypes.Name, username)\n            }),\n            Expires = DateTime.UtcNow.AddHours(1),\n            SigningCredentials = new SigningCredentials(\n                new SymmetricSecurityKey(key), \n                SecurityAlgorithms.HmacSha256Signature)\n        };\n\n        var token = tokenHandler.CreateToken(tokenDescriptor);\n        return tokenHandler.WriteToken(token);\n    }\n}<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udd10 Step 3: Create Login API<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;HttpPost(\"login\")]\npublic IActionResult Login(&#91;FromBody] LoginModel model)\n{\n    if (model.Username == \"admin\" &amp;&amp; model.Password == \"password\")\n    {\n        var jwt = new JwtHelper();\n        var token = jwt.GenerateToken(model.Username);\n\n        Response.Headers.Add(\"Authorization\", \"Bearer \" + token);\n        return Ok(new { token });\n    }\n    return Unauthorized();\n}<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udd0d Step 4: Get Token from Header<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;HttpGet(\"protected\")]\npublic IActionResult Protected()\n{\n    var token = Request.Headers&#91;\"Authorization\"].ToString().Replace(\"Bearer \", \"\");\n\n    if (string.IsNullOrWhiteSpace(token))\n        return Unauthorized(\"No token provided.\");\n\n    var handler = new JwtSecurityTokenHandler();\n    var jwtToken = handler.ReadJwtToken(token);\n\n    var username = jwtToken.Claims.FirstOrDefault(c =&gt; c.Type == ClaimTypes.Name)?.Value;\n\n    return Ok($\"Hello {username}, your token is valid.\");\n}<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">\u2699\ufe0f Step 5: Configure Authentication<\/h2>\n\n\n\n<p>In <code>Startup.cs<\/code> or <code>Program.cs<\/code>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>services.AddAuthentication(\"Bearer\")\n    .AddJwtBearer(\"Bearer\", options =&gt;\n    {\n        options.TokenValidationParameters = new TokenValidationParameters\n        {\n            ValidateIssuer = false,\n            ValidateAudience = false,\n            ValidateIssuerSigningKey = true,\n            IssuerSigningKey = new SymmetricSecurityKey(\n                Encoding.ASCII.GetBytes(\"YourSecretKey@123\"))\n        };\n    });\n\napp.UseAuthentication();\napp.UseAuthorization();<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udccc Testing the API<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Call <code>POST \/login<\/code> with credentials<\/li>\n\n\n\n<li>Copy the token returned in the header\/response<\/li>\n\n\n\n<li>Call <code>GET \/protected<\/code> with: <code>Authorization: Bearer eyJhbGciOi...<\/code><\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\ude80 SEO Tips to Index This Blog<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use clean meta tags and schema markup<\/li>\n\n\n\n<li>Add this blog in sitemap.xml of your Blogger or website<\/li>\n\n\n\n<li>Share on social and submit URL to Google Search Console<\/li>\n\n\n\n<li>Use canonical link for preferred indexing<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udcda Conclusion<\/h2>\n\n\n\n<p>Using JWT for securing .NET Core APIs is a modern, scalable approach. With this guide, you can generate tokens, set them in headers, and authorize protected endpoints securely.<\/p>\n\n\n\n<p>Happy coding!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Updated on: June 9, 2025 Securing your API with JWT (JSON Web Tokens) is a powerful and modern way to authenticate and authorize users. In this blog post, we\u2019ll explore how to generate a JWT Bearer token in .NET Core, set it in headers, and validate it. \ud83d\udd27 Prerequisites \ud83e\uddf1 Step 1: Install JWT Package<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-9","post","type-post","status-publish","format-standard","hentry","category-net-core"],"_links":{"self":[{"href":"https:\/\/blog.vigplanet.com\/index.php?rest_route=\/wp\/v2\/posts\/9","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.vigplanet.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.vigplanet.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.vigplanet.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.vigplanet.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9"}],"version-history":[{"count":1,"href":"https:\/\/blog.vigplanet.com\/index.php?rest_route=\/wp\/v2\/posts\/9\/revisions"}],"predecessor-version":[{"id":10,"href":"https:\/\/blog.vigplanet.com\/index.php?rest_route=\/wp\/v2\/posts\/9\/revisions\/10"}],"wp:attachment":[{"href":"https:\/\/blog.vigplanet.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.vigplanet.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.vigplanet.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}