I'm trying to convert my old authentication to .NET 2.0. I had the following code:

app.UseJwtBearerAuthentication(new JwtBearerOptions
{
    AutomaticAuthenticate = true,
    IncludeErrorDetails = true,
    Authority = "https://securetoken.google.com/xxxxx",
    TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidIssuer = "https://securetoken.google.com/xxxxxx",
        ValidateAudience = true,
        ValidAudience = "xxxx",
        ValidateLifetime = true,
    },
});

My new code is the following:

public void Configure(...)
{
    ...
    app.UseAuthentication();
    ...
}

public void ConfigureServices(IServiceCollection services)
{
    ...
    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.RequireHttpsMetadata = false;
            options.IncludeErrorDetails = true;
            options.Authority = "https://securetoken.google.com/xxxxxx";
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidIssuer = "https://securetoken.google.com/xxxxx",
                ValidateAudience = true,
                ValidAudience = "xxxxxx",
                ValidateLifetime = true,
            };
        }); 
    ...
    services.AddMvc();
    services.AddAuthorization(......);
}

But in 2.0 I'm getting a 404 response. If I remove the [Authorize] attribute from my endpoint, it works. My output window shows this:

Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:62423/api/users/info
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed for user: (null).
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
Microsoft.AspNetCore.Mvc.ChallengeResult:Information: Executing ChallengeResult with authentication schemes ().
Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler:Information: AuthenticationScheme: Identity.Application was challenged.
Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker:Information: Executed action SORTE.API.ContentManager.Controllers.UsersController.Info (SORTE.API.ContentManager) in 24.0837ms
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 35.2446ms 302
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 GET http://localhost:62423/Account/Login?ReturnUrl=%2Fapi%2Fusers%2Finfo
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request finished in 5.8149ms 404

From the log errors, it seems that it's trying to redirect me to /Account/Login, but I don't have such an endpoint; my project is a Web API.

Am I missing some configuration?

1 Answer

I was facing the same problem, until I read this.

When we use the Authorize attribute, it actually binds to the first authentication system by default.

The solution was to specify which scheme to use (JwtBearer):

[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme, Policy = "PoliceName")]

Now I can get status 200 (with a valid token) and 401 (unauthorized - invalid token).

2 Comments

Thank you! I was stuck in this problem for almost a week. Now my claims transformer is not working but that's another problem...
Thanks a lot too, facing the same problem since the update to ASP.NET Core 2.0!
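
The log in the question shows the Identity.Application cookie scheme answering the challenge, which is what produces the 302 to /Account/Login. As an added example (not code from the question or the answer), the configuration below pins JWT bearer both as the default authenticate/challenge scheme and inside a named policy, so [Authorize] returns 401 instead of a redirect. The policy name ApiUser and the controller are hypothetical, and it assumes ASP.NET Core 2.x with any cookie-based registration placed earlier in ConfigureServices.

```csharp
// Added example, not the poster's code. "ApiUser" is a hypothetical policy name;
// "xxxxxx" stands for the project id, as on the page.
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Option delegates run in registration order, so this call must come AFTER
        // anything that sets cookie defaults; otherwise the cookie handler keeps the challenge.
        services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(options =>
            {
                // RequireHttpsMetadata is left at its default (true).
                options.Authority = "https://securetoken.google.com/xxxxxx";
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidIssuer = "https://securetoken.google.com/xxxxxx",
                    ValidateAudience = true,
                    ValidAudience = "xxxxxx",
                    ValidateLifetime = true,
                };
            });
        // Pinning the scheme in the policy keeps API endpoints on bearer tokens
        // even if the application-wide defaults change later.
        services.AddAuthorization(options => options.AddPolicy("ApiUser", policy =>
        {
            policy.AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme);
            policy.RequireAuthenticatedUser();
        }));
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app) => app.UseAuthentication().UseMvc();
}

[Route("api/users")]
public class UsersController : Controller
{
    [HttpGet("info"), Authorize(Policy = "ApiUser")]
    public IActionResult Info() => Ok(new { authenticated = User.Identity.IsAuthenticated });
}
```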
