Introduction
In today’s software development world, APIs are at the core of almost every application. Securing them with modern authentication methods, such as JWT (JSON Web Token), is a critical step to ensure that only authorized users can access sensitive data. This blog will guide you through building a generic API client in ASP.NET Core that integrates JWT-based authentication to secure the API endpoints. We’ll also demonstrate how to configure an HTTP client to fetch external data, handle errors, and streamline the API communication process.
What You’ll Learn
By the end of this blog, you will:
- Understand how to set up JWT authentication in ASP.NET Core.
- Learn to create a generic API service to fetch data from an external API.
- Implement secure API endpoints using JWT authentication.
- Handle HTTP requests and responses gracefully, including error logging and exception handling.
Model: DataModel.cs
namespace Model
{
public class DataModel
{
public string Id { get; set; }
public string Timestamp { get; set; }
public double Value { get; set; }
// Add more properties as needed
}
public class GenericApiResponse
{
public List<DataModel> Data { get; set; }
}
}IGenericService.cs
using Model;
namespace API.Services
{
public interface IGenericService
{
Task<List<DataModel>> GetDataAsync(string endpoint);
}
}GenericService.cs
using System.Net.Http.Headers;
using System.Text.Json;
using Microsoft.Extensions.Options;
using Model;
namespace API.Services
{
public class GenericService : IGenericService
{
private readonly HttpClient _httpClient;
private readonly ApiSettings _apiSettings;
private readonly ILogger<GenericService> _logger;
public GenericService(HttpClient httpClient, IOptions<ApiSettings> apiSettings, ILogger<GenericService> logger)
{
_httpClient = httpClient ?? throw new ArgumentNullException(nameof(httpClient));
_apiSettings = apiSettings?.Value ?? throw new ArgumentNullException(nameof(apiSettings));
_logger = logger ?? throw new ArgumentNullException(nameof(logger));
_httpClient.DefaultRequestHeaders.Accept.Clear();
_httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
_httpClient.Timeout = TimeSpan.FromSeconds(_apiSettings.TimeoutInSeconds);
ValidateSettings();
}
public async Task<List<DataModel>> GetDataAsync(string endpoint)
{
var resultData = new List<DataModel>();
try
{
var apiUrl = $"{_apiSettings.BaseUrl}/{endpoint}";
var response = await _httpClient.GetAsync(apiUrl);
if (response.IsSuccessStatusCode)
{
var options = new JsonSerializerOptions { PropertyNameCaseInsensitive = true };
using var contentStream = await response.Content.ReadAsStreamAsync();
var apiResponse = await JsonSerializer.DeserializeAsync<GenericApiResponse>(contentStream, options);
if (apiResponse?.Data != null)
{
resultData.AddRange(apiResponse.Data);
}
else
{
_logger.LogWarning("No valid data found in the response.");
}
}
else
{
_logger.LogError($"API request failed with status code: {response.StatusCode}, Reason: {response.ReasonPhrase}");
}
}
catch (HttpRequestException ex)
{
_logger.LogError(ex, "HTTP request error occurred.");
}
catch (JsonException ex)
{
_logger.LogError(ex, "JSON deserialization error occurred.");
}
catch (Exception ex)
{
_logger.LogError(ex, "An unexpected error occurred.");
throw;
}
return resultData;
}
private void ValidateSettings()
{
if (string.IsNullOrEmpty(_apiSettings.BaseUrl))
{
throw new ArgumentException("Base URL is not configured.", nameof(_apiSettings.BaseUrl));
}
if (_apiSettings.TimeoutInSeconds <= 0)
{
throw new ArgumentException("Timeout must be a positive value.", nameof(_apiSettings.TimeoutInSeconds));
}
}
}
}Controller: GenericController.cs
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using API.Services;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;
using Microsoft.IdentityModel.Tokens;
using Model;
namespace API.Controllers
{
[ApiController]
[Route("api/generic")]
[Authorize]
public class GenericController : ControllerBase
{
private readonly IGenericService _genericService;
private readonly ILogger<GenericController> _logger;
private readonly IConfiguration _configuration;
public GenericController(IGenericService genericService, ILogger<GenericController> logger, IConfiguration configuration)
{
_genericService = genericService;
_logger = logger;
_configuration = configuration;
}
[HttpGet("{endpoint}")]
public async Task<ActionResult<List<DataModel>>> GetDataAsync(string endpoint)
{
if (string.IsNullOrEmpty(endpoint))
{
_logger.LogWarning("Invalid endpoint provided.");
return BadRequest("Endpoint is required.");
}
try
{
var data = await _genericService.GetDataAsync(endpoint);
if (data != null && data.Count > 0)
{
return Ok(data);
}
_logger.LogInformation($"No data found for endpoint: {endpoint}");
return NotFound($"No data found for endpoint: {endpoint}");
}
catch (Exception ex)
{
_logger.LogError(ex, $"An error occurred while fetching data from endpoint: {endpoint}");
return StatusCode(500, "An error occurred while processing your request.");
}
}
[HttpPost("authenticate")]
[AllowAnonymous]
public IActionResult Authenticate()
{
var userId = "genericUser";
var password = "genericPassword";
if (userId != "genericUser" || password != "genericPassword")
{
return Unauthorized();
}
var token = GenerateJwtToken(userId);
return Ok(new { Token = token });
}
private string GenerateJwtToken(string userId)
{
var key = Encoding.ASCII.GetBytes(_configuration["JwtSettings:SecretKey"]);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, userId) }),
Expires = DateTime.UtcNow.AddHours(1),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var tokenHandler = new JwtSecurityTokenHandler();
var token = tokenHandler.CreateToken(tokenDescriptor);
return tokenHandler.WriteToken(token);
}
}
}appsettings.json
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"ApiSettings": {
"BaseUrl": "https://api.example.com",
"TimeoutInSeconds": 30
},
"JwtSettings": {
"SecretKey": "YourSuperSecretKeyHere"
},
"AllowedHosts": "*"
}Program.cs
using API.Services;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using Model;
using System.Net.Http.Headers;
using System.Text;
var builder = WebApplication.CreateBuilder(args);
// Add JWT authentication
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = false,
ValidateAudience = false,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(builder.Configuration["JwtSettings:SecretKey"]))
};
});
// Add services to the container.
builder.Services.AddControllers();
// Configure ApiSettings
builder.Services.Configure<ApiSettings>(builder.Configuration.GetSection("ApiSettings"));
// Configure HTTP Client for GenericService
builder.Services.AddHttpClient<IGenericService, GenericService>(client =>
{
var apiSettings = builder.Configuration.GetSection("ApiSettings").Get<ApiSettings>();
client.BaseAddress = new Uri(apiSettings.BaseUrl);
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
});
// Add Swagger/OpenAPI documentation
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
var app = builder.Build();
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
app.UseSwagger();
app.UseSwaggerUI();
}
else
{
app.UseExceptionHandler("/error");
}
app.UseHttpsRedirection();
// Enable authentication and authorization
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();I hope this blog gave you a clear understanding of how to implement JWT authentication and a generic API client in ASP.NET Core. Give it a try in your own projects and share your feedback in the comments. If you have any questions or need further clarification, feel free to reach out. Stay tuned for more guides on ASP.NET Core, authentication, and API development!
Thanks for reading! Cheers and happy coding!