Validating the token#

Now that we know the token is generated by the server and it has all the properties that we added, we now need to verify if we can use the same token to verify the users. To test this, we can go to our ErrorsController and create a new method which will be accessed only if we are authorized; let's make it get request and call it auth check. Below this, we will add Authorize attribute which will only approve the request if the user is authorized. You can also use this Authorize attribute on top, but that would expect all the requests to be called by the authorized user; and we don't want that. let's import it from asp dotnet authorization, and this is just a method which will return a string. Let's call this CheckAuthorization and it will simply return, "You are authorized".

[HttpGet("authcheck")]

[Authorize]

public ActionResult<string> CheckAuthorization()

{

    return "You are authorized";

}

We can now open postman and run the Check Authorization Request under Module 5. If we click on send, we see an error. Now we can try the user login and copy the token and inside CheckAuthorization header, select Authorization and paste token, and write Bearer before it. Now if we make the request, we see the same error. Why is it so? Well, we have written the code for generating a token but we haven't yet configured it to read the token and verify the user. What we can do is go inside Startup class and configure the authentication service.