user68288

Reputation: 784

Microsoft.AspNetCore.Authorization.DefaultAuthorizationService Authorization failing

I am trying to set up a simple authentication setup for my API routes in my .NET 2.1 instance.

I am using this exact same methodology on my Nodejs backend and it works perfectly.

Currently I am getting the following errors when testing locally:

Now listening on: http://localhost:50001
Application started. Press Ctrl+C to shut down.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 GET http://localhost:50001/api/test
warn: Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware[3]
      Failed to determine the https port for redirect.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[3]
      Route matched with {action = "Get", controller = "Test"}. Executing controller action with signature System.Collections.Generic.IEnumerable`1[System.String] Get() on controller EJ2FileManagerServices.Controllers.TestController (EJ2AmazonS3ASPCoreFileProvider).
info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
      Authorization failed.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[3]
      Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
info: Microsoft.AspNetCore.Mvc.ChallengeResult[1]
      Executing ChallengeResult with authentication schemes ().
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[12]
      AuthenticationScheme: Bearer was challenged.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
      Executed action EJ2FileManagerServices.Controllers.TestController.Get (EJ2AmazonS3ASPCoreFileProvider) in 16.9604ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 172.7868ms 401

When I take away my auth code, this results in a 200 status and a JSON object for the GET.

Startup.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;
using System.Net;
using Newtonsoft.Json;

namespace EJ2FileManagerService
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        public void ConfigureServices(IServiceCollection services)
        {
            services
                .AddAuthentication(options =>
                {
                    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
                })
                .AddJwtBearer(options =>
                {
                    options.SaveToken = true;
                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateIssuerSigningKey = true,
                        IssuerSigningKeyResolver = (s, securityToken, identifier, parameters) =>
                        {
                            // Get JsonWebKeySet from AWS
                            var json = new WebClient().DownloadString(parameters.ValidIssuer + "/.well-known/jwks.json");
                            // Serialize the result
                            return JsonConvert.DeserializeObject<JsonWebKeySet>(json).Keys;
                        },
                        ValidateIssuer = true,
                        ValidIssuer = $"https://cognito-idp.{Region}.amazonaws.com/{PoolId}",
                        ValidateLifetime = true,
                        LifetimeValidator = (before, expires, token, param) => expires > DateTime.UtcNow,
                        ValidateAudience = true,
                        ValidAudience = AppClientId,
                    };
                });
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
            services.AddCors(options =>
            {
                options.AddPolicy("AllowAllOrigins", builder =>
                {
                    builder.AllowAnyOrigin()
                    .AllowAnyMethod()
                    .AllowAnyHeader();
                });
            });
        }
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseHsts();
            }
            app.UseCors("AllowAllOrigins");

            app.UseHttpsRedirection();
            // Auth Code
            app.UseAuthentication();
            // Auth Code
            app.UseMvc();

        }
    }
}

Test Controller

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;


namespace EJ2FileManagerServices.Controllers
{

    [Authorize]
    [Route("api/[controller]")]
    [ApiController]
    public class TestController : Controller
    {
        // GET api/values
        [HttpGet]
        public IEnumerable<string> Get()
        {
            return new string[] { "value1", "value2" };
        }

        // GET api/values/5
        [HttpGet("{id}")]
        public string Get(int id)
        {
            return "value";
        }

        // POST api/values
        [HttpPost]
        public void Post([FromBody]string value)
        {
        }

        // PUT api/values/5
        [HttpPut("{id}")]
        public void Put(int id, [FromBody]string value)
        {
        }

        // DELETE api/values/5
        [HttpDelete("{id}")]
        public void Delete(int id)
        {
        }
    }
}

Note: I removed the values for the Cognito details. I am very new to using .NET, so I am afraid the ordering may be an issue somewhere, as I see that is a common problem with the error I am receiving. Any help would be greatly appreciated.

Upvotes: 0

Views: 963

Answers (1)

bugrakosen

Reputation: 603

I'm not sure your issue is about that, but you can try adding "app.UseAuthorization();" under "app.UseAuthentication();". Middleware order is very important in .NET Core, by the way.

Upvotes: 1
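
The log in the question ends in a 401 without saying which check rejected the request, so a useful first step is to look at what the request's token actually carries. The following is an added example, not code from the question or the answer: a hypothetical `TokenPreflight.Explain` helper that reads the bearer token without verifying its signature and lists which of the issuer, audience and lifetime checks from the question's `TokenValidationParameters` it would fail. The issuer URL, client id, token and clock value in `Main` are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using Microsoft.IdentityModel.Tokens;

// Added diagnostic (hypothetical helper, not from the post). It reads a JWT WITHOUT
// verifying the signature, so its output is for debugging only, never for authorization.
public static class TokenPreflight
{
    public static List<string> Explain(string authorizationHeader, string validIssuer,
                                       string validAudience, DateTime utcNow)
    {
        var problems = new List<string>();
        const string prefix = "Bearer ";
        if (string.IsNullOrEmpty(authorizationHeader) ||
            !authorizationHeader.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
        {
            problems.Add("No 'Authorization: Bearer <token>' header, so there is nothing to validate.");
            return problems;
        }
        var raw = authorizationHeader.Substring(prefix.Length).Trim();
        var handler = new JwtSecurityTokenHandler();
        if (!handler.CanReadToken(raw))
        {
            problems.Add("The value after 'Bearer ' is not a well-formed JWT.");
            return problems;
        }
        JwtSecurityToken jwt = handler.ReadJwtToken(raw);
        if (jwt.Issuer != validIssuer)                 // ValidateIssuer / ValidIssuer
            problems.Add($"iss '{jwt.Issuer}' != ValidIssuer '{validIssuer}'.");
        if (!jwt.Audiences.Contains(validAudience))    // ValidateAudience / ValidAudience
        {
            var use = jwt.Claims.FirstOrDefault(c => c.Type == "token_use")?.Value ?? "(none)";
            problems.Add($"aud lacks '{validAudience}' (token_use claim: {use}).");
        }
        if (jwt.ValidTo <= utcNow)                     // same comparison as the LifetimeValidator
            problems.Add($"exp {jwt.ValidTo:o} is not after {utcNow:o}.");
        return problems;
    }
    public static void Main()
    {
        // Constructed sample: unsigned token with iss and exp but no aud claim.
        var header = Base64UrlEncoder.Encode("{\"alg\":\"none\",\"typ\":\"JWT\"}");
        var payload = Base64UrlEncoder.Encode("{\"iss\":\"https://issuer.example/pool\"," +
            "\"token_use\":\"access\",\"client_id\":\"example-client\",\"exp\":2000000000}");
        var now = new DateTime(2024, 1, 1, 0, 0, 0, DateTimeKind.Utc); // constructed clock value
        foreach (var p in Explain($"Bearer {header}.{payload}.", "https://issuer.example/pool",
                                  "example-client", now))
            Console.WriteLine(p);
    }
}
```

The constructed payload mirrors a Cognito access token, which carries the app client id in `client_id` rather than `aud`; a Cognito ID token carries it in `aud`.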
