Authenticate Using Secret String with Angular 7 and net 2.1

Question

I am following this tutorial, "Angular 7 - User Registration and Login Example & Tutorial". I would like to know where the app.Settings.secret is stored. Below shows how appSettings is declared. I cannot find where "Secrets" string is stored

  public UsersController(
        IUserService userService,
        IMapper mapper,
        IOptions<AppSettings> appSettings)
    {
        _userService = userService;
        _mapper = mapper;
        _appSettings = appSettings.Value;
    }

This is the poco for appSettings.cs

    public class AppSettings
{
    public string Secret { get; set; }
}

Finally this is how it is accessed in the UsersController:

public IActionResult Authenticate([FromBody]UserDto userDto)
    {
        var user = _userService.Authenticate(userDto.Username, userDto.Password);

        if (user == null)
            return BadRequest(new { message = "Username or password is incorrect" });

        var tokenHandler = new JwtSecurityTokenHandler();
        var key = Encoding.ASCII.GetBytes(_appSettings.Secret);

When I run the program using a real back end and use a breakpoint on this line:

---> var key = Encoding.ASCII.GetBytes(_appSettings.Secret);

and mouseover _appSettings.Secret I see this string:

"THIS IS USED TO SIGN AND VERIFY JWT TOKENS, REPLACE IT WITH YOUR OWN SECRET, IT CAN BE ANY STRING"

I want to know where the string is stored to assign to _appSettings.Secret.

Answer 1

In the default setup it's stored in an appsettings[.EnvirnomentName (optional)].json file inside your project or comes from various other sources supported by asp.net core configuration package:

https://learn.microsoft.com/en-us/aspnet/core/fundamentals/configuration/?view=aspnetcore-2.2

Here's the documentation for the "Options Pattern": https://learn.microsoft.com/en-us/aspnet/core/fundamentals/configuration/options?view=aspnetcore-2.2