1

I'm trying to implement a basic version of the oauth flow using auth0 services. I've followed the basic setup and fetching a bearer token works but for some reason I can't get access to my controller. This is my startup class:

   namespace Webapi
{
    public class Startup
    {
        
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc();
            services.AddControllers();
           
            services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(options =>
            {
                options.Authority = "https://groep5.eu.auth0.com/";
                options.Audience = "https://localhost:44346/home/";
            });
        }

        
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }

            app.UseRouting();
            app.UseAuthorization();
            app.UseAuthentication();
            app.UseEndpoints(endpoints =>
            {
                endpoints.MapDefaultControllerRoute();
            });
        }
    }
}

And this is my controller:

namespace Webapi.Controllers
{
    public class HomeController : Controller
    {
        [Authorize]
        public string Leden()
        {
            return "retlok";
        }
        public string Test()
        {
            return "random tekst";
        }
    }
}

My first thought was that I had the permissions wrong, but I've added my method leden in multiple ways. I've done "leden", "https://localhost:44346/home/leden" and "read:leden". My problem is probably something simple, but I've been at it for a bit too long, so I thought it was easier to ask it on this website.

Improve this question
4
  • 1
    It might be worth adding a few more things to this question. Firstly, can you access the Test() action on your controller? If not, what do you see in the browser's console and network tabs (in developer tools)? In the absence of that information, I don't see any CORS config, so it might be worth starting there. Commented Apr 20, 2021 at 0:30
  • @DaveCluderay I'm sure that CORS wasn't part of the solution. I've tried adding it and as far as I know it did nothing. I am able to access test, so I'm sure there is nothing wrong with the routing. I've sort of fixed it, but I have no idea what did it but still thanks for the help. Commented Apr 20, 2021 at 10:56
  • 1
    Glancing back at this, I notice you have the UseAuthentication and UseAuthorization calls switched around the wrong way. Maybe it was just that, but glad you got it going anyway. The order in which you inject middleware is important in many cases, and MS have a page documenting their recommended order: learn.microsoft.com/en-us/aspnet/core/fundamentals/middleware/… Commented Apr 20, 2021 at 20:02
  • 1
    @DaveCluderay I did not know that was important. It turned out that you were right. Thanks for helping me because I'm sure this would be a problem in future projects. Commented Apr 21, 2021 at 9:54

2 Answers 2

Reset to default
1

The code looks good to me your definitely configuring something wrong please read the auth0 docs for asp.net core web api. https://auth0.com/docs/quickstart/backend/aspnet-core-webapi/01-authorization Its very straight forward.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I've followed the documentation and for some reason my code is still not working. The sample project they gave me works, but I can't find something that is breaking my project. I've been removing code from the sample project to put it as close as possible to my project but after removing everything that my project didn't have it still works. So I have no idea what did it, but it works now.
1

Thanks to user Dave Cluderay, I've found my answer. It turns out that the order that you add your middleware is important. So the order for app.UseAuthorization(); and app.UseAuthentication(); should have been reversed and my configure method should look something like this:

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization();
        
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapDefaultControllerRoute();
        });
    }
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.