Posts: 1
Registered: ‎07-28-2020

Why is it so hard to secure an API in .NET Core?

I just wanted to create a simple token authentication to secure my API but it's all so difficult. I shouldn't have to go through hours and hours of tutorials to add one of the most basic app requirements there is. The starter templates don't have auth if you're picking an API unless it's that azure thing. The SPA templates use OIDC in a mixture of MVC/SPA that's fairly complex. I don't want OIDC with Identity Server, and I don't want OAuth2.0.

I just want a simple JWT token that I can use with authentication and authorisation. There are no official guides to implement this with the JwtBearer provided by Microsoft just some made by the community, but those never follow the simplest case and always use IdentityServer or OAuth, Okta, etc.

I just want an API where I can send a username and password and it returns me a token which I use on subsequent requests by adding it to the header in the format of Authorization: Bearer (token) which let's me access secured endpoints with authentication and authorization. Can someone please help me with resources to accomplish this?