When developing secure APIs in ASP.NET Core, implementing authentication can often slow down the development cycle, especially when integrating with full-fledged identity providers like Auth0 or Azure AD. Fortunately, starting with .NET 7, Microsoft introduced a powerful CLI tool that streamlines this process: dotnet user-jwts.
In this post, we’ll explore what dotnet user-jwts is, how it works, and how you can use it to simulate JWT-based authentication in your Minimal API projects during development.
What Is dotnet user-jwts?
The dotnet user-jwts command is part of the .NET CLI that allows developers to create, manage, and use local JSON Web Tokens (JWTs) specifically for development purposes. These tokens are:
- Stored in the local user secrets store.
- Automatically trusted by your ASP.NET Core development server.
- Meant for local testing only (not secure for production).
This tool removes the need to configure an actual authentication provider when developing APIs, letting you test secured endpoints more easily.
Why Use dotnet user-jwts?
- Faster development cycles by skipping identity provider configuration.
- Simulate user roles and claims without a real login system.
- Easily test authorization policies with custom JWT payloads.
- Integrated with the ASP.NET development server out of the box.
Installing the Tool
If you’re using .NET 7 or later, dotnet user-jwts is already included. Otherwise, install the latest .NET SDK from dotnet.microsoft.com.
Getting Started
Step 1: Create a Minimal API Project
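dotnet new webapi -n JwtDemo
cd JwtDemo
dotnet add package Microsoft.AspNetCore.Authentication.JwtBearer
The webapi template has no Individual value for --auth, so JWT bearer support is added through the Microsoft.AspNetCore.Authentication.JwtBearer package instead.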
Step 2: Create a Development JWT
dotnet user-jwts create --role Admin --claim department=engineering
This generates a JWT with a role claim of Admin and a custom department claim. The tool outputs the token ID and value.
Step 3: View or Copy the Token
dotnet user-jwts list
dotnet user-jwts print <token-id>
Use the print command to get the full JWT access token for the given id. This token is what you then use in the curl requests below.
Example: Authenticated Minimal API Endpoint
Here’s how to secure an endpoint using the generated JWT:
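using System.Security.Claims;

var builder = WebApplication.CreateBuilder(args);

// dotnet user-jwts issues JWTs, so validate them with the JWT bearer handler
// (Microsoft.AspNetCore.Authentication.JwtBearer package), not AddBearerToken().
builder.Services.AddAuthentication().AddJwtBearer();
builder.Services.AddAuthorization();

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

app.MapGet("/secure-data", (HttpContext context) =>
{
    var user = context.User;
    var name = user.Identity?.Name ?? "Anonymous";
    // The handler maps the token's "role" claim to ClaimTypes.Role by default.
    var role = user.FindFirst(ClaimTypes.Role)?.Value ?? "None";
    return Results.Ok($"Hello {name}, you are in the role: {role}.");
})
.RequireAuthorization();

app.Run();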
Test the Endpoint with curl or Postman
curl https://localhost:5001/secure-data \
-H "Authorization: Bearer <your-token>"
You should receive a response indicating the authenticated user’s name and their role.
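The token from Step 2 carries both a role and a department claim, so it can also exercise a named authorization policy. The Program.cs below is an added example, not code from the original post: the policy name EngineeringAdmin and the route /admin/engineering are hypothetical, and the startup guard assumes the tool writes its default issuer name dotnet-user-jwts to Authentication:Schemes:Bearer:ValidIssuer.

```csharp
using System.Security.Claims;

var builder = WebApplication.CreateBuilder(args);

// Guard (assumption: "dotnet-user-jwts" is the issuer the tool configures).
// If development token settings leak into another environment, fail at startup
// instead of silently trusting locally minted tokens.
var issuer = builder.Configuration["Authentication:Schemes:Bearer:ValidIssuer"];
if (!builder.Environment.IsDevelopment() && issuer == "dotnet-user-jwts")
{
    throw new InvalidOperationException(
        "Development JWT issuer is configured outside the Development environment.");
}

builder.Services.AddAuthentication().AddJwtBearer();

// Hypothetical policy: the caller needs the Admin role AND department=engineering,
// matching: dotnet user-jwts create --role Admin --claim department=engineering
builder.Services.AddAuthorizationBuilder()
    .AddPolicy("EngineeringAdmin", policy => policy
        .RequireRole("Admin")
        .RequireClaim("department", "engineering"));

var app = builder.Build();

app.UseAuthentication();
app.UseAuthorization();

// No token -> 401. Valid token that misses the role or the claim -> 403.
app.MapGet("/admin/engineering", (ClaimsPrincipal user) =>
        Results.Ok($"Hello {user.Identity?.Name}, policy EngineeringAdmin satisfied."))
    .RequireAuthorization("EngineeringAdmin");

app.Run();
```

Creating a second token without --role Admin and calling the same route is a quick way to confirm the policy returns 403 rather than 200.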
Managing Tokens
- List all tokens:
  dotnet user-jwts list
- Delete a token:
  dotnet user-jwts remove <token-id>
- Clear all tokens:
  dotnet user-jwts clear
Final Thoughts
dotnet user-jwts is a very useful utility for ASP.NET Core developers looking to test JWT-secured APIs without the overhead of configuring full identity systems during development. With just a few CLI commands, you can simulate user roles, test authorization policies, and develop against secure endpoints smoothly.
Important: These tokens are for development only and should never be used in production.
For more information, visit the official Microsoft documentation.