Mahantesh AMbiger

Reputation: 15

Web API with OWIN Auth is returning "Authorization has been denied for this request." on every action with [Authorize]

I have a Web API with token-based authorization. I am successfully able to register a user and get an access_token from the API. But when I post to any other endpoint with the access_token in the header for the same user, I am getting

"Message": "Authorization has been denied for this request."

If I remove the [Authorize] decoration on the action method, only the client is validated in ValidateClientAuthentication and the request gets processed fine. I am trying to post these requests from Postman, sending body parameters as x-www-form-urlencoded.

The API is built using OAuth and MS Identity. The client gets authenticated successfully in ValidateClientAuthentication.

Upvotes: 0

Views: 1934

Answers (3)

Rohit Ghatage

Reputation: 1

In token authentication (also called Bearer authentication) in OWIN, the bearer token is a cryptic string, usually generated by the server in response to a login request. The client must send this token in the Authorization header when making requests to protected resources. So we need to pass bearer as a prefix with the token.

Example: bearer aGM_wMX8ngpe5ZglJwOASwnDfq1Pf4CtUrGgtOVFOvJA-tf0sckHNG9iUpI-7fWZFWE5uDb_OT3taasAxcUQnZCWxpm6mRhyg9pRjJwcVjXtJdSupaZ1bKhTYKI2fNCVqfM6Iosoyx2ziD7Qm7dRQj-cMe

Upvotes: 0

Mahantesh AMbiger

Reputation: 15

Suffixing Bearer to the access token with a space in between in the Authorization key of the request header worked for me.

Authorization : "Bearer Access_Key"

  • Thanks

Upvotes: 0

Max

Reputation: 862

Just add Bearer before your token on the access_token parameter. It should look like this:

Authorization: Bearer sdifusdifnPOIJDFPIUdfhpiuhdfg164

Upvotes: 1
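
An added example, not part of any answer above: a small Python check that classifies an Authorization header against the `Bearer <token>` form the answers describe (RFC 6750 section 2.1), which is useful when triaging why requests are being denied. The function names, reason strings and sample header values are constructed for illustration.

```python
import re

# RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


def diagnose_authorization(headers):
    """Return (ok, reason) for the Authorization header of one request.

    `headers` maps request header names to values (constructed input).
    """
    # Header names are case-insensitive, so normalise before the lookup.
    value = {k.lower(): v for k, v in headers.items()}.get("authorization")
    if value is None:
        return False, "no Authorization header (token sent in body or query?)"
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return False, "value is wrapped in quotes; send it unquoted"
    # Split on the first space: scheme on the left, credentials on the right.
    scheme, _, token = value.partition(" ")
    token = token.strip()
    if not token:
        if scheme.lower() == "bearer":
            return False, "scheme present but token missing"
        # A single word means the raw access_token was sent with no scheme.
        return False, "scheme missing; expected 'Bearer <token>'"
    if scheme.lower() != "bearer":  # auth scheme names are case-insensitive
        return False, f"unexpected scheme {scheme!r}; expected 'Bearer'"
    if not B64TOKEN.fullmatch(token):
        return False, "token contains characters outside the b64token set"
    return True, "well-formed bearer credentials"


# Constructed sample requests; the token values are placeholders.
SAMPLES = [
    {"Authorization": "PLACEHOLDER_token-123"},         # raw token only
    {"Authorization": "Bearer PLACEHOLDER_token-123"},  # expected form
    {"Content-Type": "application/x-www-form-urlencoded"},
    {"Authorization": "Basic dXNlcjpwYXNz"},
]


def run_samples():
    return [diagnose_authorization(h) for h in SAMPLES]


if __name__ == "__main__":
    for result in run_samples():
        print(result)
```
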
