implementation of Authentication using JWT. Security applied on all microservices endpoints.

DamageAssesmentApi/DamageAssesment.Api.Employees/Controllers/EmployeesController.cs

@@ -1,4 +1,5 @@
 using DamageAssesment.Api.Employees.Interfaces;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 
@@ -18,7 +19,7 @@ namespace DamageAssesment.Api.Employees.Controllers
         /// <summary>
         /// GET request for retrieving employees.
         /// </summary>
-
+        [Authorize(Roles = "admin")]
         [HttpGet("Employees")]
         public async Task<ActionResult> GetEmployeesAsync()
         {
@@ -35,7 +36,7 @@ namespace DamageAssesment.Api.Employees.Controllers
         /// <summary>
         /// GET request for retrieving an employee by ID.
         /// </summary>
-        
+        [Authorize(Roles = "admin")]
         [HttpGet("Employees/{id}")]
         public async Task<ActionResult> GetEmployeeByIdAsync(int id)
         {
@@ -48,11 +49,12 @@ namespace DamageAssesment.Api.Employees.Controllers
             return NotFound();
 
         }
-   
+
         /// <summary>
         /// PUT request for updating an existing employee.
         /// </summary>
         /// <param name="Employee">The updated employee object.</param>
+        [Authorize(Roles = "admin")]
         [HttpPut("Employees/{id}")]
         public async Task<IActionResult> UpdateEmployee(int id, Models.Employee Employee)
         {
@@ -75,6 +77,7 @@ namespace DamageAssesment.Api.Employees.Controllers
         /// POST request for creating a new employee.
         /// </summary>
         /// <param name="Employee">The employee information for creating a new employee.</param>
+        [Authorize(Roles = "admin")]
         [HttpPost("Employees")]
         public async Task<IActionResult> CreateEmployee(Models.Employee Employee)
         {
@@ -93,6 +96,7 @@ namespace DamageAssesment.Api.Employees.Controllers
         /// DELETE request for deleting an existing employee.
         /// </summary>
         /// <param name="id">The ID of the employee to be deleted.</param>
+        [Authorize(Roles = "admin")]
         [HttpDelete("Employees/{id}")]
         public async Task<IActionResult> DeleteEmployee(int id)
         {

DamageAssesmentApi/DamageAssesment.Api.Employees/Program.cs

@@ -1,23 +1,74 @@
 using DamageAssesment.Api.Employees.Db;
 using DamageAssesment.Api.Employees.Interfaces;
 using DamageAssesment.Api.Employees.Providers;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.EntityFrameworkCore;
+using Microsoft.IdentityModel.Tokens;
+using Microsoft.OpenApi.Models;
 using System.Reflection;
+using System.Text;
 
 var builder = WebApplication.CreateBuilder(args);
 
 // Add services to the container.
+var authkey = builder.Configuration.GetValue<string>("JwtSettings:securitykey");
+builder.Services.AddAuthentication(item =>
+{
+    item.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
+    item.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
+}).AddJwtBearer(item =>
+{
+    item.RequireHttpsMetadata = true;
+    item.SaveToken = true;
+    item.TokenValidationParameters = new TokenValidationParameters()
+    {
+        ValidateIssuerSigningKey = true,
+        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authkey)),
+        ValidateIssuer = false,
+        ValidateAudience = false,
+        ClockSkew = TimeSpan.Zero
+    };
+});
 
 builder.Services.AddControllers();
 // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
 builder.Services.AddEndpointsApiExplorer();
 //builder.Services.AddSwaggerGen();
-builder.Services.AddSwaggerGen(c =>
+builder.Services.AddSwaggerGen(options =>
 {
     // Include XML comments from your assembly
     var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
     var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
-    c.IncludeXmlComments(xmlPath);
+    options.IncludeXmlComments(xmlPath);
+
+    OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme()
+    {
+        Name = "Bearer",
+        BearerFormat = "JWT",
+        Scheme = "bearer",
+        Description = "Specify the authorization token.",
+        In = ParameterLocation.Header,
+        Type = SecuritySchemeType.Http,
+    };
+
+    options.AddSecurityDefinition("jwt_auth", securityDefinition);
+
+    // Make sure swagger UI requires a Bearer token specified
+    OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme()
+    {
+        Reference = new OpenApiReference()
+        {
+            Id = "jwt_auth",
+            Type = ReferenceType.SecurityScheme
+        }
+    };
+
+    OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement()
+    {
+        {securityScheme, new string[] { }},
+    };
+
+    options.AddSecurityRequirement(securityRequirements);
 });
 
 builder.Services.AddScoped<IEmployeesProvider, EmployeesProvider>();
@@ -43,6 +94,7 @@ if (app.Environment.IsDevelopment())
     }
 }
 
+app.UseAuthentication();
 app.UseAuthorization();
 
 app.MapControllers();

DamageAssesmentApi/DamageAssesment.Api.Employees/appsettings.json

@@ -8,10 +8,5 @@
       "Microsoft.AspNetCore": "Warning"
     }
   },
-  "AllowedHosts": "*",
-  "settings": {
-    "endpoint1": "xxx",
-    "endpoint2": "xxx",
-    "endpoint3": "xxx"
-  }
+  "AllowedHosts": "*"
 }