Advertisement

Advertisement

Home / .net Core / .net core Mvc / .net Core Web Api / Asp.net Core / JWT kya hai?

JWT kya hai?

, , ,

 

JWT kya hai?

JWT kya hai?

JWT ek stateless authentication mechanism hai jo user identity ko securely verify karta hai bina session ya cookies ka use kiye.

Token Generate karne ke baad kya hota hai?

Token Generate Karna: Jab user login karta hai, server uska username aur password check karta hai. Agar credentials sahi hote hain, toh server ek JWT token generate karta hai.
JWT Token ka format kuch is tarah hota hai:
css
Copy code
header.payload.signature


    • Header: Isme algorithm aur token ki type hoti hai.

    • Payload: Isme claims hote hain jaise user ki identity (user id, email) aur token ki expiry time.

    • Signature: Yeh security ke liye hota hai, taaki koi bhi token ko modify na kar sake.

  2. JWT Token ka Role: Jab token generate ho jaata hai, yeh client (browser ya mobile) ko bheja jaata hai. Client token ko apne paas store karta hai (jaise ki localStorage, sessionStorage, ya cookies mein). Jab client ko future mein server se request karni hoti hai, toh yeh token server ko bheja jaata hai, jisse server user ki identity ko verify kar sakta hai.

  3. Client ka Role:

    • Jab client kisi protected endpoint (jaise /Home/Index ya /User/Profile) ko call karta hai, toh JWT token ko request ke sath bhejta hai.

Yeh token typically HTTP request ke Authorization header mein bheja jaata hai, jaise:
makefile
Copy code
Authorization: Bearer <JWT-Token>


  1. Server ka Role:

    • Server jab request ko receive karta hai, toh JWT token ko verify karta hai. Is verification se server ko pata chal jaata hai ki user kaun hai aur token tampered toh nahi hua hai.

    • Agar token valid hai aur expire nahi hua hai, toh server user ke request ko process karta hai. Agar token invalid hai, toh server 401 Unauthorized response bhejta hai.

  2. JWT ka use har request ke saath hota hai:

    • Har baar jab client server se request bhejta hai (jaise kisi protected route ko access karte waqt), toh uske saath token bhi bhejna padta hai.

    • Server har request ke sath token ko validate karta hai, taaki pata chal sake ki user authorized hai ya nahi.

JWT Token ka Example

Agar aap Login request karte ho aur successfully authenticate ho jaate ho, toh server aapko ek token bhejta hai. Yeh token aise dikhega:

json

Copy code

{

  "Token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3V1aWQiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNjE3NzYzNzYyLCJleHBpcmVkX3N0YXR1c19vZmZlbnNlIjowfQ.rWV5u4N2VokCkKNMbmcoYfLNSVQW-7V3Oj2w70EjS0I"

}


Yeh token ko aapko apne client (browser ya mobile) mein store karna hota hai. Har request ke saath is token ko Authorization header mein bhejna hota hai.

Token ka Verification kaise hota hai?

  1. Token ko decode karna:

    • Jab server ko JWT token milta hai, toh wo us token ko decode karta hai aur signature ko verify karta hai.

    • Agar signature match ho jaati hai, toh server token ke andar jo information (user ID, roles, etc.) hai, usse authenticate karta hai.

  2. Token ki expiry check karna:

    • Token ke andar expiry time bhi hota hai. Agar token expire ho gaya ho, toh server us token ko invalid mana lega.

JWT ka Benefits

  • Stateless Authentication: Server ko user session ko track karne ki zaroorat nahi hoti. Har request ke sath token bhejne se user ke state ka pata chal jaata hai.

  • Scalability: Kyunki server par session data store nahi hota, isliye application ko scale karna aasan hota hai.

  • Cross-platform: JWT ko web apps, mobile apps, aur APIs mein use kiya jaa sakta hai, jo ki ek flexible aur reusable authentication system banata hai.

In Simple Words

  • Login ke baad JWT token generate hota hai.

  • Token ko client ko diya jaata hai, taaki wo usse future requests mein use kar sake.

  • Jab client server ko request bhejta hai, token ko Authorization header mein bhejna padta hai.

  • Server token ko verify karta hai aur agar valid hota hai, toh request ko process karta hai.

Agar aapko JWT ke baare mein aur kisi specific point pe clarification chahiye ho, toh batayein!

4o mini

You said:

Token ko client ko diya jaata kese

ChatGPT said:

ChatGPT

JWT (JSON Web Token) ko client ko dene ka process kuch is tarah hota hai:

Client ko Token kaise diya jaata hai?

Token Generate Karna: Jab user login karta hai aur unka email aur password sahi hote hain, server ek JWT token generate karta hai. Token mein user ki identity aur expiration time ki information hoti hai.
Token Generate Karne ka Code:
csharp
Copy code
var token = new JwtSecurityToken(

    issuer: _configuration["Jwt:Issuer"],

    audience: _configuration["Jwt:Audience"],

    claims: claims,

    expires: DateTime.Now.AddMinutes(30),

    signingCredentials: new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["Jwt:SecretKey"])), SecurityAlgorithms.HmacSha256)

);


var tokenString = new JwtSecurityTokenHandler().WriteToken(token);


Token Client ko Bhejna: Jab server token generate karta hai, toh woh token ko client ko bhejta hai. Yeh typically HTTP response ke through hota hai.
HTTP Response mein Token Bhejna: Server token ko response body mein send kar sakta hai. Agar aap API ke through JWT bhej rahe hain, toh yeh response kuch is tarah hoga:
json
Copy code
{

    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX3V1aWQiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNjE3NzYzNzYyLCJleHBpcmVkX3N0YXR1c19vZmZlbnNlIjowfQ.rWV5u4N2VokCkKNMbmcoYfLNSVQW-7V3Oj2w70EjS0I"

}

  1. Is example mein, token ko token key ke andar send kiya gaya hai.

Client Side (Browser / Mobile App)

  1. Token ko Store Karna: Client ko jo token milta hai, woh localStorage, sessionStorage, ya cookies mein store kar sakta hai, taaki future requests mein use kiya ja sake.

localStorage: LocalStorage mein token ko store karte hain taaki jab tak browser close na ho, token available rahe.
javascript
Copy code
localStorage.setItem('jwtToken', token);


sessionStorage: SessionStorage mein token ko store karte hain, lekin yeh tab tak available rahega jab tak browser tab open hai.
javascript
Copy code
sessionStorage.setItem('jwtToken', token);


Cookies: Token ko cookies mein bhi store kiya ja sakta hai (typically, HttpOnly aur Secure flags ke saath).
javascript
Copy code
document.cookie = "jwtToken=" + token + ";path=/;secure;httponly";


Token ko Server ke Saath Use Karna: Jab client ko future mein server se protected resources (jaise /Home/Index, /User/Profile, etc.) ki zaroorat hoti hai, toh client Authorization header mein token bhejta hai.
Example (API Request with Token):
javascript
Copy code
var token = localStorage.getItem('jwtToken'); // LocalStorage se token lete hain


fetch('https://example.com/api/protected', {

    method: 'GET',

    headers: {

        'Authorization': 'Bearer ' + token // Token ko Authorization header mein bhejna

    }

})

.then(response => response.json())

.then(data => console.log(data));
JWT kya hai? JWT kya hai? Reviewed by Rikesh on January 10, 2025 Rating: 5

You May Also Like

No comments:

Subscribe to: Post Comments ( Atom )
Powered by Blogger.