✅ (SOLVED!) Bearer Authentication in MVC using separate API not working (HTTP 401)
Hi, I have a working ASP.NET Web API that takes the user from the database, checks the credentials and gives a JWT bearer token with email and Role claims. This all works fine.
Now in MVC I have a controller with [Authorize] on top, and I try to authenticate.
From what I found on the internet, you can use a middleware (JwtMiddleware, see screenshot). The appsettings for both projects are the same (the JWT part).
Using debug I also figured out that (if I don't use Authorize but call User.Identity) the claims are correctly filled in but the IsAuthenticated boolean is false. I've tried a lot but I don't know what's wrong.
MVC's Program.cs:
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            ValidIssuer = builder.Configuration["Jwt:Issuer"],
            ValidAudiences = builder.Configuration.GetSection("Jwt:Audiences").Get<List<string>>(),
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration["Jwt:Key"])),
        };
    });
var app = builder.Build();
...
app.UseMiddleware<JwtMiddleware>();
app.UseAuthentication();
app.UseAuthorization();
If you need any more code let me know.
69 Replies
Unknown User•15mo ago
Message Not Public
Sign In & Join Server To View
Thank you, I’ll try it tomorrow (I sadly didn’t get your notification)
I’ve seen something similar to your first one when looking for solutions but yeah, thought it was about something different, but I’ll keep you updated, thank you in advance
hi @TeBeClone, I've done as you said but I'm still getting a 401 HTTP Error on my page
When I remove the Authorize and look at the User.Identity object of my controller, there are no claims at all
might sound a bit stupid but what do you mean with logging? Just logging in general or does the authentication have its own logging to be turned on? I do not have any logging enabled atm, in fact I've never really used any logging before besides the regular old Console.WriteLines in debug
ooohhhhh that one alright sorry 😄
Ueha Changed it to Information but nothing appears
still nothing in the terminal even when putting it on debug
aaah right sorry
yeah
that's waaay better
so somehow not authenticated
right, but that makes sense, since I don't have the middleware, there is no authentication bearer sent as I use return Reroute
WebApp with MVC (The bearer token is from a WebAPI but they have the same appsettings regarding JWT)
ah
well here's the reroute where I also place the jwt in the cookies
I just followed multiple tutorials 😅
browser
yeah
no worries, I have to go out shopping in a bit myself, I understand
I see
alright, the thing is that the api's endpoints are also protected with the same JWT
so hence why I thought the cookie like that wasn't all too bad as I need it to call the api anyways with the bearer in the authentication header
ah alright
and regarding the whole TokenValidationParameters, are these still needed on the MVC's side?
this part
do I still need to implement this part then? 🙂
I'm not the best with the whole services part so far, but then I think I need to do something like this?
meanwhile I'll see if I can implement what you just said 🙂
the signin is reading the token, and setting the user's claims using the token?
or do I misunderstand that part
this will help a lot thx 😄
thanks for the help! I'll keep you updated if I get it working or not
thanks for the tip!
Well, seems like it all comes down to what I originally thought the problem was 😬 I'll look into it myself in the meantime but if I don't send anything that I resolved it, then I'm probably still stuck
I can't share the gitlab as it's a school project and it's a school hosted gitlab, and they closed it off so students can't look at another group's code
well, this is going to sound very stupid, but the project has to have an ASP.NET API, an MVC app and a Blazor app. MVC for the clients of the product owner, and Blazor for the product owner themselves
And since I've used JWT before for my own project with Blazor, this worked all fine, it is seemingly easier with Blazor to do this
Regardless I basically need to know who the user is and show them the correct pages and data. One company can only request its own data, not someone else's data, so it is utterly important that the code knows who is authenticated
and I'll be honest, I didn't want to look in all the Auth0 stuff while I have a working API in my own project where I experimented with JWT before
I mean, fair, also uuhhmm, I got it working now
like a minute ago
so the only mistake left was that I didn't define with my claim which type it was. And also that I had [Authorize(AuthenticationSchemes = "Bearer")], which obviously doesn't work as we are using the cookies for the claims now, so leaving it to [Authorize] got it fully working
thanks again for the help, really helped me a lot!
Use the /close command to mark a forum thread as answered
oh sorry haha