rafalz
❔ The built-in authentication is not working
Hi, for some time now I've been learning ASP.NET Core as I have ambitions to build my own technology stack using React + .NET. I'm currently in the process of building a simple API for an online store as part of my basic .NET learning. I've encountered an issue with authorization - despite the settings I've put together from various tutorials, posts, etc.
When sending a request to the server with a JWT token in the Cookies, which contains a claim 'admin' with a value of 'true', I receive a server response with a 401 status code. However, when I remove the '[Authorize(Policy = "AdminOnly")]' attribute from the endpoint, everything works correctly. I've been searching for the possible cause of the error and I have no idea where the issue might lie.
The JWT token contains a claim 'admin' with a value of 'true'.
The JWT token is valid when sending the request.
Here is the 'GenerateToken' method responsible for generating the JWT token, which is saved in Cookies during login:
https://github.com/rafalzzz/online-store-api/blob/b613c92b4cb0fb021ddde5c88ee8efc0d308878c/Services/JwtService.cs#L29
Here is the authentication configuration:
https://github.com/rafalzzz/online-store-api/blob/add-authorization/Configuration/AuthenticationConfiguration.cs
Here is the authorization configuration:
https://github.com/rafalzzz/online-store-api/blob/add-authorization/Configuration/AuthorizationConfiguration.cs
Middleware for checking the JWT token in the cookie:
https://github.com/rafalzzz/online-store-api/blob/add-authorization/Middleware/CookieAuthenticationMiddleware.cs
And the settings in the Program.cs file:
https://github.com/rafalzzz/online-store-api/blob/add-authorization/Program.cs
Could someone take a look at this and tell me where the issue might be? I've already spent several hours researching and trying different solutions, but without success.
Thank you in advance.
35 replies