Reputation: 20997
Owin JWT 401 Unauthorized
I'm trying to authenticate using IdentityServer4 and JWT. I'm getting a token from my client and trying to post a simple request to one of my controllers.
I have a request like so
GET api/Users
Authorization: Bearer {{my-token}}
In my start up class I've registered
var authorizationPolicy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
services.AddMvc(config => {
config.Filters.Add(new AuthorizeFilter(authorizationPolicy)});
services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddIdentityServerAuthentication(o =>
{
o.Authority = "https://localhost:44333";
o.RequireHttpsMetadata = false;
o.ApiName = "MyApi";
o.JwtBearerEvents = new JwtBearerEvents
{
OnAuthenticationFailed = async context => {
Console.WriteLine("Debugger");
},
OnMessageReceived = async context => {
Console.WriteLine("Debugger");
},
OnTokenValidated = async tokenValidationContext =>
{
Console.WriteLine("Debugger");
}
});
I've put break points at each one of the Console.WriteLine("Debugger") statements yet none of the break points hit. Still I'm returned an unauthorized.
Is the header proper for my authorization? I want to check the request when it fails, yet even with all exceptions turned on I cannot hit a break point, does anyone have any suggestions?
EDIT My Client Confiugration:
public static IEnumerable<ApiResource> GetApiResources()
{
return new List<ApiResource>
{
new ApiResource("MyApi", "My Api"),
new ApiResource
{
Name = "customAPI",
DisplayName = "Custom API",
Description = "Custom API Access",
UserClaims = new List<string> {"role"},
ApiSecrets = new List<Secret> {new Secret("secretPassword".Sha256())},
Scopes = new List<Scope>
{
new Scope("customAPI.read"),
new Scope("customAPI.write")
}
}
};
}
The controller controller base:
[Route("api/[controller]")]
public class AsyncCRUDSingleKeyServiceController<TDTO, TKey> : Controller
where TKey : struct
{
protected IAsyncCRUDService<TDTO> _service;
public AsyncCRUDSingleKeyServiceController(IAsyncCRUDService<TDTO> service)
{
this._service = service;
}
[HttpGet("{id}")]
public virtual async Task<TDTO> Get(TKey id)
{
return await this._service.Get(new object[] { id });
}
//...
}
Upvotes: 0
Views: 1036
Answers (1)
Reputation:
In Startup.Configure, did you include the following line (before app.UseMvc)?
app.UseAuthentication();
Upvotes: 2
Related Questions
- Error when trying to use JWT for ASP NET Owin Authentication?
- Getting 401 Unauthorized with valid access token using identity server 4
- .net Framework, OWIN and getting JWT tokens
- Owin not authenticated when requesting access token
- WebApi authorization with JWT always return 401
- "Message": "Authorization has been denied for this request." OWIN middleware
- Jwt tokens authorization is not working
- Microsoft Owin UseJwt
- Web API giving 401 on JWT
- How to authenticate from Web API controller endpoint when implementing Identity 2.1 + OWIN OAuth JWT bearer token