C#•5d ago

✅ jwt token

Hello guys, hopeyou are doing great in new year, I am new to dotnet, and actually facing a probelmregarding JWT token and appriciate any help:) The point is, I'm using dotnet 8, and added the JWT using using Microsoft.AspNetCore.Authentication.JwtBearer; which works completely fine on dev environment, and I have set up the setting for it like this: Logging": { "LogLevel": { "Default": "Information", "Microsoft.AspNetCore": "Warning" } }, "AllowedHosts": "*", "CORS": { "AllowedOrigins": ["http://localhost:3000", "https://localhost:3000"] }, "JwtSettings": { "Issuer": "https://localhost:7217/api", "Audience": "http://localhost:3000", "SecretKey": "***", "ExpiresInMinutes": 1440 } and Im using this tag to make them accessible via token[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)] over ecah controller I need it. I'm using Azure for deploying for test env and I defined CROS policy, secret key and other suff like I did for dev, and it is working but for the endpoints I used that accesibilty tag I get CORS and 500 server error. although as I said, I already defined CORS policy and it is working for other endpoints andI tested a lot of things but none worked. Appriciate any idea and help 🥹 here is my config for test env:

{
"Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "CORS": {
    "AllowedOrigins": ["https://test-app.hitaxi.cab"]
  },
  "JwtSettings": {
    "Issuer": "https://test-api.hitaxi.cab/api",
    "Audience": "https://test-app.hitaxi.cab",
    "SecretKey": "**",
    "ExpiresInMinutes": 60
  }
}

11 Replies

✿ Scarlet ✿•5d ago

To define cors policy you need to use UseCors() The configuration alone won't do nothing and serves only as an easy way to differ cors configurations from environments Example for Minimal apis:

builder.Services.AddCors(options =>
{
    options.AddPolicy(name: "devblogs",
        policy  =>
        {
            policy.WithOrigins("https://mtreit.com", "https://www.wbg.org");
        });
});

builder.Services.AddCors(options =>
{
    options.AddPolicy(name: "devblogs",
        policy  =>
        {
            policy.WithOrigins("https://mtreit.com", "https://www.wbg.org");
        });
});

MohiOP•5d ago

Thanks for answering @✿ Scarlet ✿ , actually I already define UseCors and it is woking on other endpoints which don't have Authorize tag before them

services.AddCors(options =>
        {
            options.AddPolicy(
                "AllowSpecificOrigins",
                builder =>
                {
                    var corsOrigins = configuration
                        .GetSection("CORS:AllowedOrigins")
                        .Get<string[]>();
                    if (corsOrigins is null || corsOrigins.Length == 0)
                    {
                        throw new InvalidOperationException(
                            "CORS:AllowedOrigins is not configured properly."
                        );
                    }
                    builder
                        .WithOrigins(corsOrigins)
                        .AllowAnyMethod()
                        .AllowAnyHeader()
                        .AllowCredentials();
                }
            );
        });

✿ Scarlet ✿•5d ago

That's weird then Have you tried to use a curl to check if the cors headers are being returned correctly? + can you share the error you are getting in console browser?

MohiOP•5d ago

I used postman on the dev env actually and it worked, also for other requests witouth the Authorize tag it works fine, my login and other requests work fine and I get the token, but when I use it to get another data I get this error: