JWT – JSON Web Token – Introduction

As we know, HTTP is a stateless protocol where each request is treated as an independent request. For rendering static web page, this could still be fine, but what if the web application needs to track a user across multiple requests.That is where Session and state management came to the picture. The server will authenticate the user and if it’s a valid request, the server will save the session id and return the same to the client. The client can pass this session-id for any subsequent request. The server will check for the session id and will process the request for the client.

With server-side session management, scalability can be a challenge, say we have a load-balanced scenario, the user sends a session id in the request which goes to a different server which knows nothing about the session causing failure. Now we can always save the session id in the database which will bring its overhead.

This is where JWT – JSON Web Token comes to rescue that comply with the stateless nature of the HTTP.

JSON is an open standard RFC 7519, that defines a compact and self-contained method for securely transferring information between parties.

The format of JSON Web Token


payload is the part of transmitted data that is the actual intended message in computing.

The header will typically contain

  • typ – the type of media, JWT in this case.
  • alg – the algorithm used for signing and/or decryption the JWT

The payload contains information about the client or set of claims. There are seven registered (public) claims and we can define private (custom) claims also.

iss issuer The party that issued the JWT
sub subject The party that this JWT carries information
aud audience Intended recipient
exp expiration Exact moment from which the JWT is considered invalid in ‘seconds since Epoch’ format
nbf from not before Exact moment from which the JWT is considered valid.
Iat Issued at time Time when the JWT was issued
jti JWT ID Unique identifier for this JWT

The third part signature is computed as follows:

Header and Payload are encoded using Base64url encoding and are concatenated with a period separator.

This is then run through the algorithm specified in the header.

HS256(secret, base64URLEncoding(header) + “.” + base64URLEncoding(payload))

The signature is also encoded using Base64urlEncoding

Finally, the token will be

token= base64urlEncoding(header) + ‘.’ + base64urlEncoding(payload) + ‘.’ + base64urlEncoding(signature)

We can encode or decode JWTs at


Here changing the Payload will change the JWT String.

The flow will look something like below

Get the free comprehensive guide on JWT


Hope it helps..

HTTP Error 404.3 – Not FoundThe page you are requesting cannot be served because of the extension configuration. If the page is a script, add a handler. If the file should be downloaded, add a MIME map.

I was getting the above error while trying to run an ASP.NET page deployed inside IIS 8 in Windows 8 machine.

The fix was to enable the ASP.NET option of the IIS feature

Start -> Run -> appwiz.cpl -> Turn Windows features on or off -> Internet Information Services -> World Wide Web Services -> Application Development Features

Hope it helps.

The remote name could not be resolved while using HttpWebRequest

The issue could be because of proxy setting not specified for the web application. The solution to this is to add the following conifig info in the application’s web.config
<system.net><defaultProxy  enabled=true” useDefaultCredentials=true>
<proxy  bypassonlocal=True”  proxyaddress=proxyaddress />

Hope it helps.

“DropDownList has a SelectedIndex which is invalid because it does not exist in the list of items” error while setting SelectedIndex

I had my drop down list defined as following
ID=”ddlNeedEFMP” runat=”server” Enabled=”False”>

To set it’s selectedindex we can make use of below syntax.

ddlNeedEFMP.SelectedIndex= ddlNeedEFMP.Items.IndexOf(ddlNeedEFMP.Items.FindByValue(“1”));

Hope it helps.

CS1026: ) expected error when using IFrame in Content Page

Hi I had the following iframe defined in one of my aspx page.

<iframe id=”MyIframe” src=”http://www.bing.com&#8221; runat=”server” onload=”CallHello();”></iframe> 

The page was working fine. However as soon as I specified the same iframe inside a master page, I started getting following error. 

Compiler Error Message: CS1026: ) expected 
Source Error: 

 Line 4: </asp:Content>
Line 5: <asp:Content ID=”Content2″ ContentPlaceHolderID=”ContentPlaceHolder1″ Runat=”Server”>

Line 6: <iframe ….src=http://www.bing.com….

Line 7: </asp:Content>

Line 8:


So here to resolve the error either remove the runat or onload attribute.



HyperLinkField and RowDataBound in ASP.NET

To access the HyperLinkField control with the RowDataBound event of the GridView, we can use the following code (refer the column cell)

protected void gridCaseMember_RowDataBound(object sender, GridViewRowEventArgs e){
if (e.Row.RowType == DataControlRowType.DataRow){
HyperLink myLink = (HyperLink)e.Row.Cells[0].Controls[0];

myLink.NavigateUrl = http://www.bing.com&#8221;;    }



Hope it helps !