This is my Web Api Project Structure
This is Sample Web Api Project Structure from online tutorial
I’m working on a project using JWT authentication, but I’m following a tutorial that uses IdentityServer. In my setup, both the API and authentication controllers are in the same project. I understand that IdentityServer can handle separate API and Server projects with different IPs, but I’m unsure about JWT. Can I still follow the tutorial’s project structure, considering I’m using JWT instead of IdentityServer, and both my API and authentication controllers are in the same project?
I want to make my project structure organise ad easy to maintain, as my project will expand
how can my web api validate token issued by my auth server?
Inside asp.net core you could configure the jwt authentication validation related option to allow your web api check the token.
Like below:
//Jwt configuration starts here
var jwtIssuer = builder.Configuration.GetSection("Jwt:Issuer").Get<string>();
var jwtKey = builder.Configuration.GetSection("Jwt:Key").Get<string>();
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateAudience = true,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = jwtIssuer,
ValidAudience = jwtIssuer,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtKey))
};
});
//Jwt configuration ends here
By setting this, the server will check the jwt issuer based on the validation option.
More details, you could refer to this article and this article.
There is no best architecture and it all depends on factors like the size and complexity of your project read this : common web application architectures
Actually, it depends on your requirement, if your authentication token service is just for this application, you could put it inside this application. If your application is very big and other application will still use this authentication server, I suggest you put it to another project.
i decided to seperate the project, but then how can my web api validate token issued by my auth server? i have done some research but still i dont understand. some say i need to use identityserver(duende), or openidconnect. is there any link or sample i could follow?