Dennis Posts - Answer Overflow

Dennis

•Created by Dennis on 9/5/2024 in #help

When using iis run the project the 401 error handled in program.cs is not working(works in localhost

builder.Services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; 
})
.AddJwtBearer(options =>
{
   options.SaveToken = true;
    options.RequireHttpsMetadata = false;
    options.TokenValidationParameters = new TokenValidationParameters()
    {
        ValidateIssuer = true,
        ValidateAudience = true,
        ValidAudience = configuration["JWT:ValidAudience"],
        ValidIssuer = configuration["JWT:ValidIssuer"],
        IssuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(configuration["JWT:Secret"])),
        ValidateIssuerSigningKey = true,
    };
    options.Events = new JwtBearerEvents
    {
        OnChallenge = context =>
        {
            context.HandleResponse();
            context.Response.OnStarting(async () =>
            {
                // Write to the response based on token expiration
                var token = context.Request.Headers["Authorization"].ToString().Replace("Bearer ", "");
                if (IsTokenExpired(token))
                {
                    context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                    context.Response.ContentType = "application/json"; // Set the content type to JSON
                    var response = new Response
                    {
                        Message = "Your token has expired.",
                        Error = new Err
                        {
                            Type = "authorization",
                            Content = "The provided token is no longer valid."
                        },
                    };
                    await context.Response.WriteAsync(System.Text.Json.JsonSerializer.Serialize(response));
                }
            });     
        }
    };
});

builder.Services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; 
})
.AddJwtBearer(options =>
{
   options.SaveToken = true;
    options.RequireHttpsMetadata = false;
    options.TokenValidationParameters = new TokenValidationParameters()
    {
        ValidateIssuer = true,
        ValidateAudience = true,
        ValidAudience = configuration["JWT:ValidAudience"],
        ValidIssuer = configuration["JWT:ValidIssuer"],
        IssuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(configuration["JWT:Secret"])),
        ValidateIssuerSigningKey = true,
    };
    options.Events = new JwtBearerEvents
    {
        OnChallenge = context =>
        {
            context.HandleResponse();
            context.Response.OnStarting(async () =>
            {
                // Write to the response based on token expiration
                var token = context.Request.Headers["Authorization"].ToString().Replace("Bearer ", "");
                if (IsTokenExpired(token))
                {
                    context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                    context.Response.ContentType = "application/json"; // Set the content type to JSON
                    var response = new Response
                    {
                        Message = "Your token has expired.",
                        Error = new Err
                        {
                            Type = "authorization",
                            Content = "The provided token is no longer valid."
                        },
                    };
                    await context.Response.WriteAsync(System.Text.Json.JsonSerializer.Serialize(response));
                }
            });     
        }
    };
});

the error response text is not showing, just return 401 error in iis, but works in localhost

13 replies

CC#

•Created by Dennis on 9/5/2024 in #help

✅ iis problem

I have a question: in asp.net6.0 I handle the jwt unaothorized error in program.cs: // Adding Jwt Bearer .AddJwtBearer(options => { options.SaveToken = true; options.RequireHttpsMetadata = false; options.TokenValidationParameters = new TokenValidationParameters() { ValidateIssuer = true, ValidateAudience = true, ValidAudience = configuration["JWT:ValidAudience"], ValidIssuer = configuration["JWT:ValidIssuer"], IssuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(configuration["JWT:Secret"])), ValidateIssuerSigningKey = true, }; options.Events = new JwtBearerEvents { OnChallenge = context => { context.HandleResponse(); context.Response.OnStarting(async () => { // Write to the response based on token expiration var token = context.Request.Headers["Authorization"].ToString().Replace("Bearer ", ""); if (IsTokenExpired(token)) { context.Response.StatusCode = StatusCodes.Status401Unauthorized; context.Response.ContentType = "application/json"; // Set the content type to JSON var response = new Response { Message = "Your token has expired.", Error = new Err { Type = "authorization", Content = "The provided token is no longer valid." }, }; await context.Response.WriteAsync(System.Text.Json.JsonSerializer.Serialize(response)); } }); return Task.CompletedTask; } }; }); But the code only works in localhost, not in iis, how I make it work in iis? Should I set somthing in iis?

9 replies

Gaming

Programming