https://discord.umbraco.com logo
Join Discord
Powered by
#help-with-umbraco
What is the correct way to implement a UmbracoApiC...
n
I would like to have only 1 API controller that is authenticated with a Bearer token, More or less like this implementation https://www.c-sharpcorner.com/article/jwt-token-creation-authentication-and-authorization-in-asp-net-core-6-0-with-po/ Only with the umbraco pipeline, this doesn't seem to work.
d
Hi there! Is there any particular step where you get stuck? I've recently implemented JWT token authentication in Umbraco 10 and it works without any issue for me.
It's pretty much the exact same, except you use 
UmbracoApiController
as your controller base class
n
i created a not umbraco project, (like the example) there it is working perfect. But once i do it in umbraco. It seems like it is ignored. i keep getting a 404 on the endpoint.
and also, i have a feeling that the JWT authorization is configured for all API's when you do it as in the blog?
d
Ah yeah, if you do 
.AddAuthentication()
, you should omit the authentication scheme, otherwise it sets the jwt scheme as default.
The 404 might be due to Umbraco's routing behaviour. By default, umbraco routes api controllers to 
/umbraco/api/[controller]/[action]
, so see if you can find your api endpoint there
Then when you secure an endpoint with the authorize attribute, you should specify the authentication scheme there
n
[HttpGet] //[Authorize(Roles = "Admin")] public InfoResult GetInfo() I can call the endpoint. But the moment i add the Authorize property, i get a 404.
d
Yes, that makes sense, because you need to specify the authentication scheme in the Authorize attribute
The authentication scheme is 
JwtBearerDefaults.AuthenticationScheme
if you followed that tutorial
n
aha
yes indeed. i get unauthorized as of now 😉 much better. lets see if i can get access now
ok 🙂 it seems to work now 😉
thx a lot for this small needtoknow 🙂 hehe
d
awesome!!
n
just a small followup question. would you by any chance also have used Swagger? Since this is not accepting the bearer token 🙂
d
Ah no, I haven't used swagger. I don't know how swagger does authentication
s
Lovely conversation here, I learned something new! Even tried it out myself and couldn't help but blog about it, THANKS for the useful info! https://dev.to/cultiv/using-jwt-tokens-to-access-an-umbracoapicontroller-3f88
d
Awesome stuff! If it's not too much effort: I see you mentioned my name, could you link that to my own account on Dev.to? It's right here: https://dev.to/d_inventor
s
Oh cool! I didn't know where to link to, I'll do that in a minute, out for lunch now!
Done!
@navorski. if you want me to link your name somewhere as well then let me know!
n
nice work that have done here and great blog. anyway, just wanted to ask how can I set up the expiration of the token here like I wanted it to be expired after an hour.
d
Hey! You usually set the expiration time on the endpoint that generates the JWT token. You likely have an api controller or some other service that produces a JWT token for you. That's where you should be able to set your expiration time.
n
ok cool. make sense. Thanks for responding.
41 Views
PreviousNext
Powered by