c# asp.net visual-studio-2015 oauth webdeploy

Custom AuthorizeAttribute only works in development environment


This is an update of:

I'm new to ASP.NET development and this is the first time I have deployed an application. It works well in the development environment, debugged in Visual Studio. But when I deploy, I get the 401 (Unauthorized) error when I log in.

I'm using an Angular frontend which makes this POST request requiring a token via OAuth. I receive this token and then I try to get the current authorized user. The user controller uses a custom authorize attribute which inherits from AuthorizeAttribute. This is when I get this error, but only in the production environment. In the development environment, using Visual Studio, IIS Express and LocalDB, everything works fine.

So here's my question: What can be the causes for it? Is there some configuration I'm missing in IIS or in the Visual Studio deploy? Is there something I have to change somewhere in the code to make it work in the production environment?

I've done a little more research in the code and here's the thing: The custom AuthorizeAttribute works like a charm in the development environment, but not in production.

What I discovered so far is: base.IsAuthorized(actionContext) always returns false, even when the token is sent correctly. I'm sending requests with the Chrome ARC plugin. Moreover, the ClaimsIdentity does not seem to find the 'UserId' claim. Here's some of the code:

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        if (!base.IsAuthorized(actionContext))
            return false;

        ClaimsPrincipal principal = GetRequestClaimsPrincipal(actionContext.ControllerContext.Controller);

        var currentAccountPermission = GetAccountPermission(principal.Identity);

        return HasPermission(currentAccountPermission);
    }

    private ClaimsPrincipal GetRequestClaimsPrincipal(IHttpController controller)
    {
        return ((ApiController)controller).Request.GetRequestContext().Principal as ClaimsPrincipal;
    }

    private IEnumerable<UserPermission> GetAccountPermission(IIdentity identity)
    {
        var claimsIdentity = new ClaimsIdentity(identity);
        var id = Convert.ToInt32(claimsIdentity.FindFirst("UserId").Value);

        var accountPermissions = _userPermissionService.GetPermissionByUserId(id);

        return accountPermissions;
    }

In this block

    if (!base.IsAuthorized(actionContext))
        return false;

it always returns false. And in this block

    var id = Convert.ToInt32(claimsIdentity.FindFirst("UserId").Value);

it throws a System.NullReferenceException.

As a reminder, these issues only occur in the production environment.

So, what could it be? I copied the data from the development database to the production database, so the error can't be from there. Could it be some issue in the HttpActionContext object? What could change from the development environment that would make this happen in the production one?

Thanks.
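
A fail-closed variant of the attribute above, as an added example that is not part of the original post: it denies the request instead of throwing when the 'UserId' claim is missing, and it traces what the principal contained so a difference between environments is visible. `UserPermission.Name`, `IUserPermissionService`, the static `PermissionService` property and `RequiredPermission` are hypothetical stand-ins for code the post does not show.

```csharp
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Security.Claims;
using System.Web.Http;
using System.Web.Http.Controllers;

// Hypothetical stand-ins for the question's types, which the post does not show.
public class UserPermission { public string Name { get; set; } }
public interface IUserPermissionService
{
    IEnumerable<UserPermission> GetPermissionByUserId(int id);
}

public class PermissionAuthorizeAttribute : AuthorizeAttribute
{
    // Assumption: the service is assigned once at application start-up.
    public static IUserPermissionService PermissionService { get; set; }
    public string RequiredPermission { get; set; }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        var identity = (actionContext.RequestContext.Principal as ClaimsPrincipal)?.Identity as ClaimsIdentity;

        // Trace what the authentication pipeline produced before deciding.
        // Only claim types are written, never claim values or the token.
        Trace.TraceInformation("authz: authenticated={0} type={1} claims=[{2}]",
            identity?.IsAuthenticated, identity?.AuthenticationType,
            identity == null ? "" : string.Join(",", identity.Claims.Select(c => c.Type)));

        if (!base.IsAuthorized(actionContext) || identity == null)
            return false;

        // FindFirst returns null when the claim is absent: deny instead of throwing.
        Claim userIdClaim = identity.FindFirst("UserId");
        int userId;
        if (userIdClaim == null || !int.TryParse(userIdClaim.Value, out userId))
        {
            Trace.TraceWarning("authz: denied, 'UserId' claim missing or not an integer");
            return false;
        }

        var permissions = PermissionService?.GetPermissionByUserId(userId)
                          ?? Enumerable.Empty<UserPermission>();
        return permissions.Any(p => p.Name == RequiredPermission);
    }
}
```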


Solution

  • The multiple times I deployed the application, I did it with the Visual Studio Web Deploy Package. And I really did it several times, just to test if I did it right. After that, I started publishing directly with the Web Deploy. My site tree in IIS was like

    |-Sites
    |----Default
    |-------MyApplication

    And as I said it didn't work. I decided to start it all over and deleted the sites, deleted the related application pools and published utilizing the Web Deploy, but this time my site tree was like

    |-Sites
    |----MyApplication

    ...and now it worked. Reasons?