
Capgemini .NET Client Round: JWT Admin Role Explained (401 vs. 403)

943 views
Premiered Feb 18, 2026
30:49

In a recent .NET client round interview, I was asked to secure an Admin endpoint using JWT in ASP.NET Core with role-based authorisation. This video explains how JWT authentication middleware works, how roles are validated, and why 401 vs 403 matters in ASP.NET Core Web API. If you're preparing for Capgemini, Deloitte, Cognizant or any .NET Full Stack client round, this breakdown will prepare you for depth-level questioning. If you're preparing for .NET Full Stack interviews (3–8+ years experience), this discussion will help you confidently handle scenario-based questions and follow-ups.

---

🎯 Real Interview Scenario

An Angular client application sends a JWT token with every request.

Requirement:
• Secure specific endpoints (Admin endpoints)
• Allow access only to users with the Admin role
• Explain authentication + authorization flow clearly
• Handle follow-up architectural questions

---

📚 What You’ll Learn
• What JWT actually is (beyond textbook definition)
• JWT vs Session-based authentication
• Stateless architecture explained clearly
• JWT structure (Header, Payload, Signature)
• How JWT signature is created and validated
• Symmetric vs Asymmetric signing
• Secret key storage best practices
• Middleware pipeline (Authentication vs Authorisation)
• Role-based vs Policy-based authorisation
• Why 401 vs 403 errors happen
• Common role-claim mapping mistakes
• How to answer scenario-based client round questions confidently

---

👨‍💻 Who Should Watch This?
• .NET Developers (3–8+ years experience)
• ASP.NET Core Web API developers
• Angular + .NET Full Stack developers
• Developers preparing for Capgemini / Deloitte / EY / Cognizant client rounds

---

0:00 Why Client Rounds Feel Different
1:25 The Real Client Round JWT Scenario
3:10 How to Approach Scenario-Based Questions
5:20 Mental Mapping Before Answering
7:00 What is JWT? (Simple but Powerful Explanation)
9:40 Stateless vs Session-Based Authentication
12:30 Why Stateless Architecture Matters
14:45 JWT Structure (Header, Payload, Signature)
17:30 How JWT Signature Is Created
19:50 How JWT Validation Works Internally
22:30 Symmetric vs Asymmetric Signing
24:40 Where to Store Secret Keys (Key Vault, Env Variables)
26:20 Complete JWT Flow in Real Application
28:40 Middleware Pipeline (Authentication vs Authorization)
29:50 Securing Admin Endpoint with [Authorize]
30:50 401 vs 403 Explained
31:30 Role Claim Mapping Pitfalls
32:00 Final Advice for Client Rounds

If this helped you prepare better for interviews, support the channel:
👍 Like
💬 Comment on your doubts
🔔 Subscribe for upcoming real interview breakdowns

#dotnet #aspnetcore #jwt #csharp #angular #webapi #authentication #authorization #codinginterview
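As an added illustration (not code from the video), here is the setup the scenario above describes in a minimal ASP.NET Core 8 Web API: JWT bearer validation, the authentication-before-authorization middleware order, an Admin-only endpoint with [Authorize], and the role-claim type mapping that decides whether a valid token gets 200 or 403. The issuer, audience, configuration key name and the "app_roles" claim name are assumptions, and the Microsoft.AspNetCore.Authentication.JwtBearer package must be referenced.

```csharp
// Added example, not the video's code. Assumes .NET 8 and the Microsoft.AspNetCore.Authentication.JwtBearer package.
using System.Security.Claims;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// The signing secret comes from configuration (user secrets, environment variable or
// Key Vault), never from source. "Jwt:SigningKey" is an assumed configuration key name.
var signingKey = builder.Configuration["Jwt:SigningKey"]
    ?? throw new InvalidOperationException("Jwt:SigningKey is not configured");

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            // Issuer and audience are assumed values; they must match what the issuer emits.
            ValidateIssuer = true,
            ValidIssuer = "https://issuer.example",
            ValidateAudience = true,
            ValidAudience = "admin-api",
            // Symmetric (HMAC) signing: the API holds the same secret the issuer signed with.
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingKey)),
            ValidateLifetime = true,
            ClockSkew = TimeSpan.FromSeconds(30),
            // Role-claim mapping pitfall: [Authorize(Roles = ...)] checks the identity's
            // role claim type (ClaimTypes.Role by default). If the issuer puts roles in a
            // custom claim (assumed name "app_roles"), every valid token gets 403 unless
            // that claim type is declared here.
            RoleClaimType = "app_roles"
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();

// Order matters: authentication populates HttpContext.User from the bearer token;
// the authorization middleware then evaluates [Authorize] against that principal.
app.UseAuthentication();
app.UseAuthorization();

// Missing, expired or tampered token  -> 401 Unauthorized (authentication failed, challenge issued)
// Valid token without the Admin role  -> 403 Forbidden (authenticated, but not permitted)
app.MapGet("/api/admin/report", [Authorize(Roles = "Admin")] (ClaimsPrincipal user) =>
    Results.Ok(new { subject = user.FindFirst(ClaimTypes.NameIdentifier)?.Value, isAdmin = user.IsInRole("Admin") }));

app.Run();
```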

