C
C#15mo ago
Temptica

✅ (SOLVED!) Bearer AUthentication in MVC using seperate API not working (HTTP 401)

Hi, I have a working ASP.NET Web API who takes the user from the database, check the credentials and gives an JWT bearer token with email and Role claims. This works all fine. Now in MVC I have a controller with the [Authorize] on top. and I try to authenticate For what I found on the internet, you can use a middleware (JwtMiddleware see screenshot). The appsettings for both projects are the same. (the JWT part) Using debug I also figured that (if I don't use authorize but call User.Identity) the claims are correctly filled in but the IsAuthenticated boolean is false. I've tried a lot but I don't know what's wrong. MVC's Program.cs: builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => { options.TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = true, ValidateAudience = true, ValidateLifetime = true, ValidateIssuerSigningKey = true, ValidIssuer = builder.Configuration["Jwt:Issuer"], ValidAudiences = builder.Configuration.GetSection("Jwt:Audiences").Get<List<string>>(), IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"])), }; });
var app = builder.Build(); ... app.UseMiddleware<JwtMiddleware>(); app.UseAuthentication(); app.UseAuthorization(); If you need any more code let me know
No description
69 Replies
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
Thank you, I’ll try it tomorrow (I sadly didn’t get your notification) I’ve seen something similar to your first one when looking for solutions but yeah, thought it was about something different, but I’ll keep you updated, thank you in advance
Temptica
TempticaOP15mo ago
hi @TeBeClone, I've done as you said but I'm still getting a 401 HTTP Error on my page When I remove the Authorize and look at the User.Identiy tobject of my cotnroller, there ar eno claims at all
No description
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
might sound a bit stupid but what do you mean with logging? Just logging in general or does the authentication have it's own logging to be turned on? I do not have any logging enabled atm, in fact I've never really used any logging before beside the regular old Console.WriteLines in debug
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
ooohhhhh that one alright sorry 😄
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
Ueha Changed it to Information but nothing appears
No description
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
still nothing in the terminal even when putting it on debug
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
aaah right sorry
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
yeah
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
that's waaay better
No description
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
so somehow not authenticated
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
right, but that makes sense, since i don't have the middleware, there is no authentication bearer send as I use return Reroute
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
WebbApp with MVC (The bearer token is from a WebAPI but they have the same appsettignns regarding JWT)
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
ah
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
well heres the reroute where I also place the jwt in the cookies
No description
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
I just followed multiple tutorials 😅
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
browser
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
yeah
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
no worries, I have to go out shopping in a bit myself, I understand
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
I see
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
alright, the thing is that the api's endpoints is also protected with the same JWT
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
so hence why I thougt the cookie like that wasn't all too bad as I need it to call teh api anyways with the bearer in the authentication header
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
ah alright
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
and regarding the whole TokenValidationParameters, are these still needed on the MVC's side?
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
this part
No description
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
do I still need to implement this part then? 🙂
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
I'm not the best with the whole services part so far, but then I think I need to do something like this? meanwhile I'll see if I can implement what you just said 🙂
No description
Temptica
TempticaOP15mo ago
the signin is reading the token, and setting teh user's claims using teh token? or do I missunderstand that part
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
this will help a lot thx 😄
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
thanks for the help! I'll keep you updated if I get it working or not
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
thanks for the tip!
Temptica
TempticaOP15mo ago
Well, seems like it all comes down to what I originally thought the problem was 😬 I'll look into it myself in the meantime but if I don't send anything that i resolved it, then I'm probably still stuck
No description
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
I can't share the gitlab as it's a school project and it's a school hosted gitlab, and they closed it off so students can't look at another group's code well, this is going to sound very stupid, but the project has to have asp.net api, an MVC app and a balzor app. MVC for the clients of the product owner, and Blazor for the product owner themselves And Since I've used JWt before for my own project with blazor, this worked all fine, it is seemingly easier with Blazor to do this Regardless I basically need to know who the user is and show them the correct pages and data. one company can only request it's own data, not someone elses data so it is utterly important that teh code knows who is authenticated and I'll be honest, I didn't want to look in all the Auth0 stuff while I have a working API in my own project where I experimented with JWT before
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
I mean, fair, also uuhhmm, I got it working now like a minute ago
Temptica
TempticaOP15mo ago
so the only mistake left was that I didn't define with my claim witch type it was. And also that I had [Authorize(AuthenticationSchemes = "Bearer")] which obviosluy doesn't work as we are using the cookies for the claims now so leaving it to [Authorize got it fully working]
No description
Temptica
TempticaOP15mo ago
thanks again for the help, really helped me a lot!
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
MODiX
MODiX15mo ago
Use the /close command to mark a forum thread as answered
Unknown User
Unknown User15mo ago
Message Not Public
Sign In & Join Server To View
Temptica
TempticaOP15mo ago
oh sorry haha

Did you find this page helpful?