This Identity Bearer token is not being recognized

Question

I'm following this tutorial for learning to use Identity. Helpfully, the author offers a working example of his code on his own server. I have made this console application that does the following:

1. Register an account.
2. Retrieve a token for this account.

3. Retrieve information with this token.

   using System;
   using System.Collections.Generic;
   using System.Net.Http;
   using System.Net.Http.Headers;
   
   namespace IdentityConsoleApp
   {
   class Program
   {
   static void Main(string[] args)
   {
       string userName = "john4";
       string password = "Password@123";
       var registerResult = Register(userName, password);
   
       Console.WriteLine("Registration Status Code: {0}", registerResult);
   
       string token = GetToken(userName, password);
       Console.WriteLine("");
       Console.WriteLine("Access Token:");
       Console.WriteLine(token);
   
       Console.WriteLine("");
       Console.WriteLine(GetOrders(token));
   
       Console.Read();
   }
   
   
   static string Register(string name, string apassword)
   {
       var registerModel = new
       {
           userName = name,
           password = apassword,
           confirmPassword = apassword
       };
       using (var client = new HttpClient())
       {
           var response =
               client.PostAsJsonAsync(
               " http://ngauthenticationapi.azurewebsites.net/api/account/register",
               registerModel).Result;
           return response.StatusCode.ToString();
       }
   }
   
   
   static string GetToken(string userName, string password)
   {
       var pairs = new List<KeyValuePair<string, string>>
                   {
                       new KeyValuePair<string, string>( "grant_type", "password" ), 
                       new KeyValuePair<string, string>( "userName", userName ), 
                       new KeyValuePair<string, string> ( "password", password )
                   };
       var content = new FormUrlEncodedContent(pairs);
       using (var client = new HttpClient())
       {
           var response =
               client.PostAsync(" http://ngauthenticationapi.azurewebsites.net/token", content).Result;
           return response.Content.ReadAsStringAsync().Result;
       }
   }
   
   
   static string GetOrders(string token)
   {
       using (var client = new HttpClient())
       {
           client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
   
           var response = client.GetAsync(" http://ngauthenticationapi.azurewebsites.net/api/Orders").Result;
           return response.Content.ReadAsStringAsync().Result;
       }
   }
      }
    }
   

This code is easy to copy and paste into a new C# console project in Visual Studio. Just replace "John4" with any random username that hasn't been used yet.

I'm getting the following output:

Registration status Code: OK

Access Token: {[Access token content]}

{"message": "Authorization has been denied for this request"}

Assuming the tutorial author's software is working correctly, why can't I get through the bearertoken authorization? What is wrong with the token I'm passing?

Answer 1

In your code the response for function GetToken will return JSON object not only the access_token property, so you should extract the access_token field then send it to the endpoint, the response you currently receiving from GetToken is like the below:

{
"access_token": "pXuyMK2GmuffgCTJJrFDBsJ_JqJ0qkIkEePhswVSjIv-A35OB7WoFxiYGg-WdjyCEonEjtmcondVTmdZE97T03WQ0agPbwTizdgxYCVE3rPJ9BmqT84M66Z0XXCrYnMj9OYl5SmmzcJpmlQd7v2jGG5WkRvJeOeqy1Ez2boXByo2QFDp5X7TqSokhz1Pvsusa3ot4-wgmpVkF6DTpctzv_gXFhjAPHs7NHFFsm_zuyRRvWKkekmATKg-4QJPlxlIn84BvDxNSgs9gQFH8nNFl37-P5BV4PJY43IC7otxBsgJymATFxdPFblcXb1aGIsnPuhU_Q",
"token_type": "bearer",
"expires_in": 1799,
"as:client_id": "",
"userName": "Taiseer",
".issued": "Thu, 05 Mar 2015 20:34:16 GMT",
".expires": "Thu, 05 Mar 2015 21:04:16 GMT"
}