1. Glenn Scamman
  2. SnapDevelop
  3. Friday, 17 December 2021 11:09 PM UTC

Hello, 

We have a client app we built with PB2019R3 build 2703 and used SnapDevelop to build an API so that we can have a cloud app where the PB client runs on the users' local machine but the database and all data-access will be on Azure in the cloud.  Let me point out we are using PowerClient to deploy the app, and we are NOT using PowerServer.  The API is running on IIS in Azure.  

The API consists of many controllers, services, and models we scaffolded from PB datawindows.  Now that I'm more knowledgeable about the "stateless" nature of ASP.NET Core APIs and the importance of securing our API with authentication (thank you Bruce Armstrong for your Elevate 2021 sessions on Authentication), I want to add JWT Authentication to this API.  However, those sessions relied on PowerServer to automatically handle the authentication, whereas since I am not using PowerServer, I'm having to figure out some of the .NET/C# code myself.

I followed the Appeon tutorial Secure_a_Web_API_with_JWT_Token, but after many attempts, kept failing to get it adapted to my existing controllers and the credentials-checking I already had in place. I could get a JWT token created, and could pass it back in the headers of the requests to the API, but nothing in the API seemed to verify the token was valid or even existed.  I finally broke down and started a new SnapDevelop project, following every step in detail to see if the sample app would actually verify the JWT token, and it did.  I see now that the "Authorization" piece is not optional. It is tightly integrated with the "Authentication" in the Microsoft aspnetcore authentication packages.  I was hoping to just have this authentication "middle-ware" automatically verify the JWT token is valid for every single request to the API, and simply return an error if not.  But it appears that I need to utilize the Authorization and put an authorization attribute on every controller method to make the JWT Authentication work properly.

My question is, does that sound correct?  That I'll need to add an authorize attribute to all the dozens of API controller methods I have (such as the one from the tutorial shown below)?

 

I also researched many other .NET tutorials out there on adding JWT authentication to ASP.NET Core APIs, and they all got way over my head, since I'm pretty new to C# and .NET and web APIs.  One looked promising in that it discussed creating an authorization policy middle-ware that maybe only requires a valid JWT Token and would automatically apply to all controller actions even if they didn't have authorize attributes specified.  I could not figure out how to translate what he showed in code snippets into what I need for my API.

Does anyone know of a way to set up an authorization policy so that the authorization attributes won't have to be added to all controller actions? Or something else that would make the process of adding JWT authentication easier?

I'm fine with adding these attributes, but thought I'd see if there was a smarter way to go about this.

Thanks,
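
The behaviour described above (a token that is accepted or ignored unless an action carries an authorize attribute) follows from how ASP.NET Core splits the work: the JWT bearer handler only establishes the caller's identity, and the authorization middleware is what rejects requests. As an added example that is not part of the original post or the Appeon tutorial, this `Startup` sketch sets a fallback authorization policy so every controller action requires a valid token by default; it assumes ASP.NET Core 3.0 or later with endpoint routing, the `Microsoft.AspNetCore.Authentication.JwtBearer` package, and hypothetical configuration keys `Jwt:Issuer`, `Jwt:Audience` and `Jwt:Key`.

```csharp
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();

        // Authentication: validate signature, issuer, audience and expiry of the bearer token.
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidIssuer = _config["Jwt:Issuer"],            // assumed config key
                    ValidateAudience = true,
                    ValidAudience = _config["Jwt:Audience"],        // assumed config key
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new SymmetricSecurityKey(
                        Encoding.UTF8.GetBytes(_config["Jwt:Key"])) // assumed config key
                };
            });

        // Authorization: the fallback policy applies to every endpoint that has
        // no [Authorize] or [AllowAnonymous] of its own, so unauthenticated calls get 401.
        services.AddAuthorization(options =>
        {
            options.FallbackPolicy = new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .Build();
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();   // must run before UseAuthorization
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}
```

With this in place, the action that checks credentials and issues the token must be marked `[AllowAnonymous]`, otherwise clients can never obtain a token in the first place.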

 

