Dennis
Dennis
CC#
Created by Dennis on 9/5/2024 in #help
When using iis run the project the 401 error handled in program.cs is not working(works in localhost
builder.Services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.SaveToken = true;
options.RequireHttpsMetadata = false;
options.TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = true,
ValidateAudience = true,
ValidAudience = configuration["JWT:ValidAudience"],
ValidIssuer = configuration["JWT:ValidIssuer"],
IssuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(configuration["JWT:Secret"])),
ValidateIssuerSigningKey = true,
};
options.Events = new JwtBearerEvents
{
OnChallenge = context =>
{
context.HandleResponse();
context.Response.OnStarting(async () =>
{
// Write to the response based on token expiration
var token = context.Request.Headers["Authorization"].ToString().Replace("Bearer ", "");
if (IsTokenExpired(token))
{
context.Response.StatusCode = StatusCodes.Status401Unauthorized;
context.Response.ContentType = "application/json"; // Set the content type to JSON
var response = new Response
{
Message = "Your token has expired.",
Error = new Err
{
Type = "authorization",
Content = "The provided token is no longer valid."
},
};
await context.Response.WriteAsync(System.Text.Json.JsonSerializer.Serialize(response));
}
});
}
};
});
builder.Services.AddAuthentication(options =>
{
options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
options.SaveToken = true;
options.RequireHttpsMetadata = false;
options.TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuer = true,
ValidateAudience = true,
ValidAudience = configuration["JWT:ValidAudience"],
ValidIssuer = configuration["JWT:ValidIssuer"],
IssuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(configuration["JWT:Secret"])),
ValidateIssuerSigningKey = true,
};
options.Events = new JwtBearerEvents
{
OnChallenge = context =>
{
context.HandleResponse();
context.Response.OnStarting(async () =>
{
// Write to the response based on token expiration
var token = context.Request.Headers["Authorization"].ToString().Replace("Bearer ", "");
if (IsTokenExpired(token))
{
context.Response.StatusCode = StatusCodes.Status401Unauthorized;
context.Response.ContentType = "application/json"; // Set the content type to JSON
var response = new Response
{
Message = "Your token has expired.",
Error = new Err
{
Type = "authorization",
Content = "The provided token is no longer valid."
},
};
await context.Response.WriteAsync(System.Text.Json.JsonSerializer.Serialize(response));
}
});
}
};
});
the error response text is not showing, just return 401 error in iis, but works in localhost
13 replies
CC#
Created by Dennis on 9/5/2024 in #help
✅ iis problem
I have a question: in asp.net6.0 I handle the jwt unaothorized error in program.cs: // Adding Jwt Bearer .AddJwtBearer(options => { options.SaveToken = true; options.RequireHttpsMetadata = false; options.TokenValidationParameters = new TokenValidationParameters() { ValidateIssuer = true, ValidateAudience = true, ValidAudience = configuration["JWT:ValidAudience"], ValidIssuer = configuration["JWT:ValidIssuer"], IssuerSigningKey = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(configuration["JWT:Secret"])), ValidateIssuerSigningKey = true, }; options.Events = new JwtBearerEvents { OnChallenge = context => { context.HandleResponse(); context.Response.OnStarting(async () => { // Write to the response based on token expiration var token = context.Request.Headers["Authorization"].ToString().Replace("Bearer ", ""); if (IsTokenExpired(token)) { context.Response.StatusCode = StatusCodes.Status401Unauthorized; context.Response.ContentType = "application/json"; // Set the content type to JSON var response = new Response { Message = "Your token has expired.", Error = new Err { Type = "authorization", Content = "The provided token is no longer valid." }, }; await context.Response.WriteAsync(System.Text.Json.JsonSerializer.Serialize(response)); } }); return Task.CompletedTask; } }; }); But the code only works in localhost, not in iis, how I make it work in iis? Should I set somthing in iis?
9 replies