MARKAND Bhatt

Reputation: 2640

AddJwtBearer validates token but kills request

Following is my code to register authentication

    var tokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = signingKey,

        ValidateIssuer = true,
        ValidIssuer = issuer,

        ValidateAudience = true,
        ValidAudience = audience,

        ValidateLifetime = true,

        ClockSkew = TimeSpan.Zero
    };

    services.AddAuthentication(options =>
        {
            options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(options =>
        {
            options.TokenValidationParameters = tokenValidationParameters;
            options.Events = new JwtBearerEvents
            {
                OnAuthenticationFailed = context =>
                {
                    Console.WriteLine("OnAuthenticationFailed: " + context.Exception.Message);
                    Trace.WriteLine("OnAuthenticationFailed: " + context.Exception.Message);

                    return Task.CompletedTask;
                },
                OnTokenValidated = context =>
                {
                    Console.WriteLine("OnTokenValidated: " + context.SecurityToken);
                    Trace.WriteLine("OnTokenValidated: " + context.SecurityToken);
                    return Task.CompletedTask;
                }
            };
        });

Following is my controller code

    [Route("api/[controller]")]
    public class ValuesController : Controller
    {
        // GET api/values
        [HttpGet]
        [Authorize]
        public IEnumerable<string> Get()
        {
            return new string[] { "value1", "value2" };
        }
    }

But my request to api/values never makes it to this controller.

Somehow the request completes in OnTokenValidated event.

I get 401 response.

What am I doing wrong here?

Upvotes: 0

Views: 1074

Answers (1)

Kevin

Reputation: 2414

To my understanding, when using Identity the DefaultAuthenticateScheme is set to cookie authentication. I am unsure what options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; is supposed to do, but it didn't change the DefaultAuthenticateScheme or DefaultChallengeScheme when I tested it in my program that is using JWT authentication with Identity.

Try adding in

    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;

and then, to prevent getting a 404 instead of a 401 when not authorized, add

    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;

If you want to use cookie authentication with JWT, you can set the DefaultAuthenticateScheme in the [Authorize] tag like so either:

    [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]

Upvotes: 1
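The registration from the question with the answer's two defaults applied, plus an OnChallenge hook to show which scheme produced the 401. This is an added example, not code from the question or the answer. It assumes ASP.NET Core 2.x with MVC and that Identity is registered as the answer supposes; the JWT_SIGNING_KEY variable name, issuer URL and audience are placeholders.

```csharp
using System;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Placeholder names (assumptions): JWT_SIGNING_KEY, issuer and audience values.
        var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(
            Environment.GetEnvironmentVariable("JWT_SIGNING_KEY")));
        // Assumption from the answer: Identity is in use. Call AddIdentity before this,
        // since it sets both defaults to its cookie scheme and the later registration wins.
        services.AddAuthentication(options =>
        {
            options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true, IssuerSigningKey = signingKey,
                ValidateIssuer = true, ValidIssuer = "https://issuer.example",
                ValidateAudience = true, ValidAudience = "example-api",
                ValidateLifetime = true, ClockSkew = TimeSpan.Zero
            };
            options.Events = new JwtBearerEvents
            {
                // Runs only when the bearer handler itself issues the challenge,
                // so a 401 without this log line came from somewhere else.
                OnChallenge = context =>
                {
                    Console.WriteLine($"OnChallenge: {context.Error} {context.AuthenticateFailure?.Message}");
                    return Task.CompletedTask;
                }
            };
        });
        services.AddMvc();
    }
    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication(); // before MVC, so [Authorize] sees the bearer identity
        app.UseMvc();
    }
}
```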
