How-To get details of 401 Unauthorized from ASP.NET Core 2.1 API

Question

I am working on an ASP.NET API (built in Core 2.1) and when trying to call it from a test application, I am getting a 401 Unauthorized. However, near as I can tell, the Access Token is fine. Is there a way to get more details about what is invalid from the Authentication handler in ASP.NET Core 2.1? If I can get some idea of what is wrong with the token, I should be able to find a solution to correct it, but right now I am stumbling around in the dark and just trying various things (most likely, I am just making it worse).

Answer 1

You should look in the server logs. It could be the way you're passing the token in your request. Example what it could be :

I was doing:

GET https://localhost:44357/api/test 
Headers:   
    Bearer: {ACCESS_TOKEN_VALUE}   
    Content-Type: application/json 

when I should have been doing:

GET https://localhost:44357/api/test 
Headers:   
    Authorization: Bearer {ACCESS_TOKEN_VALUE}
    Content-Type: application/json

https://github.com/openiddict/openiddict-core/issues/577

Answer 2

Check logs or the events viewer of your server.

For your error, check if you're calling app.UseAuthentication() as the first method in Configure(), even before UseMVC().

It will helps if you've mentioned subcode of the error :

401.1: Access is denied due to invalid credentials.
401.2: Access is denied due to server configuration favoring an alternate authentication method.
401.3: Access is denied due to an ACL set on the requested resource.
401.4: Authorization failed by a filter installed on the Web server.
401.5: Authorization failed by an ISAPI/CGI application.
401.7: Access denied by URL authorization policy on the Web server.