El_Merendero
Reputation: 689
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService - Authorization failed
What I have:
I have to working on a web application developed last year not by me. It is composed of a web service back-end and a web application front-end. The back-end is writtenin C# 7, running on the .NET Core 2.1 runtime and using the ASP.NET Core MVC framework. The front-end is a web application written in HTML 5, CSS3, TypeScript and React.
What I want:
I want to set up a development environment on my PC (using windows 10 as OS).
What I'v done:
I ran the webpack-dev-server to serve the front-end at http://localhost:8080. Then I ran the back-end using ASP.NET Core in Visual Studio to serve the web service at http://localhost:44311. Then I reached the login form in the main page at http://localhost:8080.
The problem:
During the login stage I get the following error (I'm using a valid user and password):
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action method MyProject.Controllers.AuthenticationController.Login (MyProject), returned result Microsoft.AspNetCore.Mvc.OkResult in 549.6866ms.
Microsoft.AspNetCore.Mvc.StatusCodeResult:Information: Executing HttpStatusCodeResult, setting HTTP status code 200
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action MyProject.Controllers.AuthenticationController.Login (MyProject) in 620.9287ms
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 634.4833ms 200
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 OPTIONS http://localhost:44311/Authentication/GetUser
Microsoft.AspNetCore.Cors.Infrastructure.CorsService:Information: Policy execution successful.
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 2.9016ms 204
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:44311/Authentication/GetUser application/json
Microsoft.AspNetCore.Cors.Infrastructure.CorsService:Information: Policy execution successful.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Route matched with {action = "GetUser", controller = "Authentication"}. Executing controller action with signature Microsoft.AspNetCore.Mvc.IActionResult GetUser() on controller MyProject.Controllers.AuthenticationController (MyProject).
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
Microsoft.AspNetCore.Mvc.ChallengeResult:Information: Executing ChallengeResult with authentication schemes (Cookies).
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler:Information: AuthenticationScheme: Cookies was challenged.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action MyProject.Controllers.AuthenticationController.GetUser (MyProject) in 25.582ms
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 33.6489ms 302
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 OPTIONS http://localhost:44311/Account/Login?ReturnUrl=%2FAuthentication%2FGetUser
Microsoft.AspNetCore.Cors.Infrastructure.CorsService:Information: Policy execution successful.
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 3.2166ms 204
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:44311/Account/Login?ReturnUrl=%2FAuthentication%2FGetUser application/json
Microsoft.AspNetCore.Cors.Infrastructure.CorsService:Information: Policy execution successful.
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 2.7855ms 404
Here is my Startup.cs:
public class Startup
{
private readonly IHostingEnvironment _env;
private readonly IConfiguration _config;
public Startup(IHostingEnvironment env, IConfiguration config)
{
_env = env;
_config = config;
}
public void ConfigureServices(IServiceCollection services)
{
JwtConfiguration jwtConfiguration = _config.GetSection("JwtConfiguration").Get<JwtConfiguration>();
CustomJwtDataFormat jwtDataFormat = CustomJwtDataFormat.Create(jwtConfiguration);
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
services.AddSingleton<IConfiguration>(_config);
services.AddSingleton<IEmailConfiguration>(_config.GetSection("EmailConfiguration").Get<EmailConfiguration>());
services.AddSingleton(new LogService(_config.GetSection("AzureLogConfiguration").Get<AzureLogConfiguration>()));
services.AddSingleton(jwtDataFormat);
services.AddAuthentication().AddCookie(options => {
options.Cookie.Name = AuthenticationCookie.COOKIE_NAME;
options.TicketDataFormat = jwtDataFormat;
});
Database.ConnectionString = _config["ConnectionStrings:PostgresDatabase"];
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
ConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
configurationBuilder.SetBasePath(env.ContentRootPath);
configurationBuilder.AddJsonFile("appsettings.json", false, true);
if (env.IsDevelopment()) {
app.UseCors(
builder => builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials()
);
app.UseDeveloperExceptionPage();
configurationBuilder.AddUserSecrets<Startup>();
}
else {
app.UseExceptionHandler("/Home/Error");
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseMvc(routes => {
routes.MapRoute(name: "default", template: "{controller=Site}/{action=Index}");
});
}
}
AuthenticationController.cs (used to authenticate the user during the login stage):
public class AuthenticationController : Controller
{
private readonly IEmailConfiguration _emailConfiguration;
private readonly LogService _logService;
private readonly CustomJwtDataFormat _jwt;
public AuthenticationController(IEmailConfiguration emailConfiguration, LogService logService, CustomJwtDataFormat jwt)
{
_emailConfiguration = emailConfiguration;
_logService = logService;
_jwt = jwt;
}
[AllowAnonymous]
public IActionResult Login([FromBody] LoginNto loginNto)
{
string requestString = string.Format("Username: '{0}', Type: '{1}'", loginNto.Email, loginNto.Type);
try
{
var requestType = ToLoginType(loginNto.Type);
var userType = UsersMapper.GetUserType(loginNto.Email, loginNto.Pass);
if (userType != requestType)
throw new UnauthorizedAccessException();
AuthenticationCookie.CreateAndAddToResponse(HttpContext, loginNto.Email, _jwt);
_logService.RequestResponse("[Authentication/Login]", HttpContext.Connection.RemoteIpAddress, null, requestString, Ok().StatusCode);
return Ok();
}
catch (UnauthorizedAccessException e)
{
_logService.RequestResponse("[Authentication/Login]", HttpContext.Connection.RemoteIpAddress, null, requestString, Unauthorized().StatusCode, e);
return Unauthorized();
}
catch (Exception e)
{
_logService.RequestResponse("[Authentication/Login]", HttpContext.Connection.RemoteIpAddress, null, requestString, 500, e);
return StatusCode(500);
}
}
[Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)]
public IActionResult GetUser()
{
try
{
User user = UsersMapper.Get(AuthenticationCookie.GetAuthenticatedUserEmail(HttpContext, _jwt));
_logService.RequestResponse("[Authentication/GetUser]", HttpContext.Connection.RemoteIpAddress, AuthenticationCookie.GetAuthenticatedUserEmail(HttpContext, _jwt), null, Ok().StatusCode);
return Ok(Json(user.ForNet()));
}
catch (UnauthorizedAccessException e)
{
_logService.RequestResponse("[Authentication/GetUser]", HttpContext.Connection.RemoteIpAddress, AuthenticationCookie.GetAuthenticatedUserEmail(HttpContext, _jwt), null, Unauthorized().StatusCode, e);
return Unauthorized();
}
catch (Exception e)
{
_logService.RequestResponse("[Authentication/GetUser]", HttpContext.Connection.RemoteIpAddress, AuthenticationCookie.GetAuthenticatedUserEmail(HttpContext, _jwt), null, 500, e);
return StatusCode(500);
}
}
}
AuthenticationCookie.cs (used to manage the JWT cookie... I think...):
public class AuthenticationCookie
{
public const string COOKIE_NAME = "authentication_cookie";
public static void CreateAndAddToResponse(HttpContext httpContext, string email, CustomJwtDataFormat jwtDataFormat) {
httpContext.Response.Cookies.Append(COOKIE_NAME, jwtDataFormat.GenerateToken(email));
}
public static string GetAuthenticatedUserEmail(HttpContext httpContext, CustomJwtDataFormat jwt) {
var tokenValue = httpContext.Request.Cookies[COOKIE_NAME];
var authenticationTicket = jwt.Unprotect(tokenValue);
return authenticationTicket.Principal.Claims.First().Value;
}
public static void Delete(HttpContext httpContext) {
httpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
}
}
Upvotes: 2
Views: 14438
Answers (1)
itminus
Reputation: 25360
The Reason
The root reason is that you didn't add a UseAuthentication() before UseMvc() :
app.UseAuthentication(); // MUST Add this line before UseMvc()
app.UseMvc(routes => {...});
As a result, ASP.NET Core won't create a User Principal for user even he has already signed in. And then you got a message of :
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
Microsoft.AspNetCore.Mvc.ChallengeResult:Information: Executing ChallengeResult with authentication schemes (Cookies).
Since you didn't configure the Login Path for cookie:
services.AddAuthentication().AddCookie(options => {
options.Cookie.Name = AuthenticationCookie.COOKIE_NAME;
options.TicketDataFormat = jwtDataFormat;
});
So it use the default one, i.e., /Account/Login. But you didn't have such a AccountController and Login action method, you get a response of 404:
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:44311/Account/Login?ReturnUrl=%2FAuthentication%2FGetUser application/json
Microsoft.AspNetCore.Cors.Infrastructure.CorsService:Information: Policy execution successful.
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 2.7855ms 404
How to fix
- add a
UseAuthentication()beforeUseMvc():app.UseAuthentication(); // MUST add this line before UseMvc() app.UseMvc(routes => {...}); Create a Controller/View for user to login in if you don't have one. And then tell ASP.NET Core how to redirect user in Startup:
services.AddAuthentication().AddCookie(options => { options.Cookie.Name = AuthenticationCookie.COOKIE_NAME; options.TicketDataFormat = jwtDataFormat; options.LoginPath= "/the-path-to-login-in"; // change this line });
[Edit]
Your
Login([FromBody] LoginNto loginNto)method accepts aHttpGetrequest, but expecting to get a body. HTTP Get has no body at all. You need change it toHttpPost:[HttpPost] [AllowAnonymous] public async Task<IActionResult> Login([FromBody] LoginNto loginNto) { ... }The way signing in the user seems not correct. Change your Login() method to sends a standard cookie as below:
[HttpPost] [AllowAnonymous] public async Task<IActionResult> Login([FromBody] LoginNto loginNto) { string requestString = string.Format("Username: '{0}', Type: '{1}'", loginNto.Email, loginNto.Type); try { ... if (userType != requestType) throw new UnauthorizedAccessException(); //AuthenticationCookie.CreateAndAddToResponse(HttpContext, loginNto.Email, _jwt); await SignInAsync(loginNto.Email, _jwt); ... return Ok(); } ... } async Task SignInAsync(string email, CustomJwtDataFormat jwtDataFormat){ var schemeName = CookieAuthenticationDefaults.AuthenticationScheme; var claims = new List<Claim>(){ new Claim(ClaimTypes.NameIdentifier, email), new Claim(ClaimTypes.Name, email), new Claim(ClaimTypes.Email, email), // ... other claims according to the jwtDataFormat }; var id = new ClaimsIdentity(claims, schemeName); var principal = new ClaimsPrincipal(id); // send credential cookie using the standard await HttpContext.SignInAsync(schemeName,principal); }And the GetUser can also be simplified:
[Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)] public IActionResult GetUser() { var email = HttpContext.User.FindFirstValue(ClaimTypes.Email); User user = UsersMapper.Get(AuthenticationCookie.GetAuthenticatedUserEmail(HttpContext, _jwt)); _logService.RequestResponse("[Authentication/GetUser]", HttpContext.Connection.RemoteIpAddress, AuthenticationCookie.GetAuthenticatedUserEmail(HttpContext, _jwt), null, Ok().StatusCode); var payload= new { Email = email, // ... other claims that're kept in cookie }; // return Ok(Json(user.ForNet())); return Json(payload); }
Upvotes: 5
Related Questions
- ASP.NET core JWT authentication always throwing 401 unauthorized
- JWT token error 401 Unauthorized in .net core 3.1
- Problems with Microsoft.AspNetCore.Authentication.JwtBearer 401 unauthorised in .NET 6 ASP.NET Core
- JWT always return unauthorized 401 on .net core api
- .NET Core - JWT - SecurityTokenNoExpirationException
- JWT Authorization Failed .net core
- ASP.NET Core Jwt 401 Unauthorized. Policy auth
- .net Core 3 Web API JWT unauthorized
- The AuthorizationPolicy named: 'Bearer' was not found
- Asp.Net Core 1.1 failed to use Jwt Token