Reputation: 506
I'm implementing role-based authentication in ASP.NET Core 6, and I'm getting 401 Unauthorized from Postman. I have included the bearer token, and I have checked it on jwt.io and it is valid, but it still shows 401 Unauthorized. Here is my startup.cs file:
    builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration.GetSection("AppSettings:Token").Value)),
                ValidateIssuer = false,
                ValidateAudience = false
            };
        });
    builder.Services.AddControllersWithViews();
    builder.Services.AddRazorPages();
    var app = builder.Build();
    // Configure the HTTP request pipeline.
    if (app.Environment.IsDevelopment())
    {
        app.UseWebAssemblyDebugging();
    }
    else
    {
        app.UseExceptionHandler("/Error");
        // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
        app.UseHsts();
    }
    app.UseHttpsRedirection();
    app.UseBlazorFrameworkFiles();
    app.UseStaticFiles();
    app.MapRazorPages();
    app.UseAuthentication();
    app.UseRouting();
    app.UseAuthorization();
    app.MapControllers();
    app.MapFallbackToFile("index.html");
    app.Run();
And here is a controller method:
    [HttpGet("onlinedrivers"), Authorize]
    public async Task<ActionResult> GetOnlineDrivers()
    {
        var result = await _driverServices.GetOnlineDrivers();
        return Ok(result);
    }
I included the JWT bearer token as follows.
I don't know what I'm doing wrong.
Upvotes: 3
Views: 14150
Reputation: 11
    builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration.GetSection("AppSettings:Token").Value)),
                ValidateIssuer = false,
                ValidateAudience = false,
                ValidateLifetime = false // you don't want to validate lifetime
            };
        });
Upvotes: 1
Reputation: 506
It is fixed. I found out I had commented out the token expiration date when I was creating it. I checked the log thanks to gunr2171 and it said:
Bearer error="invalid_token", error_description="The token has no expiration"
So when I added the expiration date, it worked.
Upvotes: 2
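The root cause found in this thread, reproduced as a console program: with the question's `TokenValidationParameters`, lifetime validation stays at its default, so a correctly signed token with no expiration claim is rejected. This is an added example, not code from the thread; the signing key, the role claim and the helper names `Issue` and `Check` are constructed, and it assumes the System.IdentityModel.Tokens.Jwt NuGet package.

```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

// Constructed demo key standing in for the "AppSettings:Token" value.
var key = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(
    "constructed-demo-key-not-a-real-secret-0123456789abcdef-0123456789"));
var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);
var claims = new[] { new Claim(ClaimTypes.Role, "Admin") }; // constructed claim
var handler = new JwtSecurityTokenHandler();

// Same validation settings as in the question. ValidateLifetime and
// RequireExpirationTime are not set, so both keep their default of true.
var parameters = new TokenValidationParameters
{
    ValidateIssuerSigningKey = true,
    IssuerSigningKey = key,
    ValidateIssuer = false,
    ValidateAudience = false
};

// Issue a signed token; passing null leaves the exp claim out entirely.
string Issue(DateTime? expires) => handler.WriteToken(
    new JwtSecurityToken(claims: claims, expires: expires, signingCredentials: creds));

// Validate the way the JwtBearer handler would and report the outcome.
string Check(string jwt)
{
    try
    {
        handler.ValidateToken(jwt, parameters, out _);
        return "accepted";
    }
    catch (SecurityTokenNoExpirationException)
    {
        return "rejected: token has no expiration";
    }
    catch (SecurityTokenExpiredException)
    {
        return "rejected: token is expired";
    }
}

Console.WriteLine("no exp:     " + Check(Issue(null)));
Console.WriteLine("exp +1h:    " + Check(Issue(DateTime.UtcNow.AddHours(1))));
Console.WriteLine("exp -1h:    " + Check(Issue(DateTime.UtcNow.AddHours(-1))));
```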