A Blog full of Web Projects

A Blog full of Web Projects

.NET 8 REST API doing Authentication by JWT and Refresh Tokens

05-May-2024

Angular client towards a REST API by .NET 8 with C# using JWT and Refresh Tokens for Authentication

Traditional webhosting is used for this Application

The Web API was made without the ASP.NET Core Identity using custom JWT middleware

Functionality of the Web App

  • JWT authentication with Refresh Tokens
  • Refresh token rotation
  • Revoked token reuse detection

Tech used for building the Web App

  • C#
  • The .NET 8 Web API is hosted at a traditional Webhotel
  • The Angular Client is hosted at a traditional Webhotel
  • SQLite as the Database for both Dev + Prod
  • CORS Policy implemented by .NET
  • JWT Token for access secure routes
  • Refresh Token by HTTP only Cookie to generate new JWT Tokens

By using JWT + Refresh Tokens the security will be improved. The JWT can have a reduced time to live and therefor less likely to be stolen

A Blog made with Gatsby React and GraphQL