Matthew Cammarata

Reputation: 1

ASP.NET Core 6 Web API throwing an HTTP error 401, despite Azure SSO token being validated

I have an ASP.NET Core 6 Web API being hit from a React front end.

I have configured both with the correct tenant, clientID, etc., and I can log in to the React site fine; I get a token. I have looked at the JWT token and it looks fine.

However, when I post to the Web API, I am getting back an HTTP error 401 Unauthorized as a response. Looking at the output from the Web API, I see this debug output:

info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
      IDX10245: Creating claims identity from the validated token: '[PII of type 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter: Information: IDX10245: Creating claims identity from the validated token: '[PII of type 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
info: Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter[0]
      IDX10241: Security token validated. token: '[PII of type 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
Microsoft.IdentityModel.LoggingExtensions.IdentityLoggerAdapter: Information: IDX10241: Security token validated. token: '[PII of type 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken' is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
dbug: Microsoft.Identity.Web.Resource.JwtBearerMiddlewareDiagnostics[0]
      Begin OnTokenValidatedAsync. 
Microsoft.Identity.Web.Resource.JwtBearerMiddlewareDiagnostics: Debug: Begin OnTokenValidatedAsync. 
dbug: Microsoft.Identity.Web.Resource.JwtBearerMiddlewareDiagnostics[0]
      End OnTokenValidatedAsync. 

It appears as though the token is validated, but the Web API is still returning an HTTP 401.

I have seen some posts about issues occurring due to the order of calls to set up the app, but I believe I have

app.UseAuthentication();

and

app.UseAuthorization();

in the correct location / order.

var app = builder.Build();

app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();

app.UseCors(
    MyAllowSpecificOrigins
);

app.UseAuthentication();
app.UseAuthorization();

app.MapControllers();

app.Run();

Here are my React configuration values ("sanitized" values):

REACT_APP_CLIENT_ID=11111111-1111-1111-11111-111111111111
REACT_APP_AUTHORITY=<microsoftloginurl>/22222222-2222-2222-2222-222222222222
REACT_APP_REDIRECT_URL=<localhost>:3000
REACT_APP_API_URL=<localhost>:7145/api

And the Web API ("sanitized" values):

"AzureAd": {
    "Instance": "<microsoftloginurl>",
    "Domain": "my.domain",
    "TenantId": "11111111-1111-1111-11111-111111111111",
    "ClientId": "22222222-2222-2222-2222-222222222222",
    "CallbackPath": "/signin-oidc"
},

Upvotes: 0

Views: 393

Answers (1)

Matthew Cammarata

Reputation: 1

I created a role and assigned it to my user, and am no longer getting 401s. I had assumed that without setting up a role, any user token would be accepted in the post to the API, but that doesn't look like the case.

Upvotes: 0
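Added example, not part of the original question or answer: Microsoft.Identity.Web's default web API setup rejects a validated token that carries neither a scope (`scp`) nor a `roles` claim, which matches the fix in the answer above. This Node.js diagnostic decodes an access token's payload and reports whether those claims and the expected audience are present. The function names, sample tokens, role name and audience value are constructed for illustration.

```javascript
// Added diagnostic, not code from the original post.
// It decodes a JWT payload WITHOUT verifying the signature:
// use it to inspect a token while debugging, never to trust one.

function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT: expected 3 segments");
  // JWT segments are base64url; map to standard base64 before decoding.
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Reports which authorization-bearing claims the token carries.
function diagnoseAuthorizationClaims(token, expectedAudience) {
  const claims = decodeJwtPayload(token);
  // Delegated permissions arrive as a space-separated string in "scp".
  const scopes = typeof claims.scp === "string" ? claims.scp.split(" ").filter(Boolean) : [];
  // App roles assigned to the user or app arrive as an array in "roles".
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  const audiences = [].concat(claims.aud || []);
  const findings = [];
  if (scopes.length === 0 && roles.length === 0) {
    findings.push("no scp or roles claim: the token identifies the caller but grants no permission");
  }
  if (expectedAudience && !audiences.includes(expectedAudience)) {
    findings.push(`aud is '${audiences.join(",")}', API expects '${expectedAudience}'`);
  }
  return { scopes, roles, findings };
}

// Constructed sample tokens (placeholder signature, made-up values).
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.constructed-signature`;
}

// Assumption: the audience the API is configured to accept.
const API_AUDIENCE = "api://constructed-api-client-id";
const withoutRole = makeSampleToken({ aud: API_AUDIENCE, name: "Sample User" });
const withRole = makeSampleToken({ aud: API_AUDIENCE, name: "Sample User", roles: ["Api.User"] });

console.log(diagnoseAuthorizationClaims(withoutRole, API_AUDIENCE)); // one finding
console.log(diagnoseAuthorizationClaims(withRole, API_AUDIENCE));    // no findings
```

Run it against the access token the front end actually sends in the `Authorization` header, not the ID token, since only the former is presented to the API.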
