Do you know what AuthService is?
AuthService is the most important element of our application: it is responsible for creating and signing JWT tokens and for verifying incoming ones. It has two methods (GenerateJwtToken() and ValidateToken()) and uses both MembershipProvider (login validation, claim retrieval) and RSAKeyProvider (to supply the signature key). Once we have all the data we need, we can create a JWT token (in JSON format) as an object of the JwtSecurityToken class. The token must then be converted from JSON format to a compact string (a string separated by dots: xxx.yyy.zzz). To do this, create an object of the JwtSecurityTokenHandler class and call its WriteToken() method. The token prepared in this way is then sent to the user.
What does token validation give you?
The second most important AuthService function is ValidateTokenAsync(), which tries to decrypt the sent JWT token and checks its validity. If either of these two operations fails, the failure is reported through the method's Boolean return value. As with signing, we create an object of type RSACryptoServiceProvider, which is initialized with a key stored in a global variable. Our token in compact string format needs to be converted back to JSON. The TokenValidationParameters object lists the parameters that the SecurityTokenHandler object will use when trying to read the JWT. In this case, the given properties are the issuer, the audience, and an RsaSecurityKey object, which is responsible for decryption. ValidateToken() from JwtSecurityTokenHandler will attempt to read any claims. If the token is invalid or the claims are unreadable, the exception will be caught and the method will return false. In the next part, we can move on to programming the login controller and testing our application.
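
The generate-and-validate flow described above, as an added example rather than the article's own code: it signs a token with RS256 and validates it against the issuer, audience and key, returning false on any failure. The issuer and audience URLs, the in-memory `RSA.Create` keys (in place of the article's RSACryptoServiceProvider loaded from a global variable) and the method signatures are assumptions; it needs the System.IdentityModel.Tokens.Jwt NuGet package.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

public static class AuthServiceExample
{
    // Assumed values: the article does not state its issuer or audience.
    const string Issuer = "https://issuer.example";
    const string Audience = "https://api.example";

    public static string GenerateJwtToken(RSA key, string user, string audience)
    {
        var credentials = new SigningCredentials(new RsaSecurityKey(key), SecurityAlgorithms.RsaSha256);
        var token = new JwtSecurityToken(Issuer, audience,
            new[] { new Claim(ClaimTypes.Name, user) },
            notBefore: DateTime.UtcNow, expires: DateTime.UtcNow.AddMinutes(15),
            signingCredentials: credentials);
        return new JwtSecurityTokenHandler().WriteToken(token); // compact xxx.yyy.zzz form
    }

    public static bool ValidateToken(RSA key, string compactToken)
    {
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = Issuer, ValidateIssuer = true,
            ValidAudience = Audience, ValidateAudience = true,
            IssuerSigningKey = new RsaSecurityKey(key), ValidateIssuerSigningKey = true,
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 }, // pin the accepted algorithm
            ValidateLifetime = true, ClockSkew = TimeSpan.FromSeconds(30)
        };
        try
        {
            new JwtSecurityTokenHandler().ValidateToken(compactToken, parameters, out _);
            return true;
        }
        catch (Exception e) when (e is SecurityTokenException || e is ArgumentException)
        {
            return false; // bad signature, issuer, audience, lifetime, or malformed token
        }
    }

    public static void Main()
    {
        using var signingKey = RSA.Create(2048); // constructed key, generated in memory
        using var otherKey = RSA.Create(2048);   // constructed key the service does not trust
        Console.WriteLine(ValidateToken(signingKey, GenerateJwtToken(signingKey, "alice", Audience)));
        Console.WriteLine(ValidateToken(signingKey, GenerateJwtToken(signingKey, "alice", "https://other.example")));
        Console.WriteLine(ValidateToken(signingKey, GenerateJwtToken(otherKey, "alice", Audience)));
    }
}
```

Only the first call passes validation; the other two fail on the audience and on the signing key. Verification needs only the public half of the RSA key, so the validating side does not have to hold the private key.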