I am new to .net core, and I am trying to create web api core which implements jwt for authentication and authorization purposes.
Inside Startup class I configured it this way:
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddDbContext<MandarinDBContext>(options =>
options.UseSqlServer(Configuration.GetConnectionString("MyConnection")));
services.AddIdentity<User, Role>()
.AddEntityFrameworkStores<MyDBContext>()
.AddDefaultTokenProviders();
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = false,
ValidateAudience = false,
ValidateLifetime = true,
ValidateIssuerSigningKey = true,
ValidIssuer = "yourdomain.com",
ValidAudience = "yourdomain.com",
IssuerSigningKey = new SymmetricSecurityKey(
Encoding.UTF8.GetBytes("My secret goes here"))
};
options.RequireHttpsMetadata = false;
});
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
// Add application services.
services.AddTransient<IUserService, UserService>();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseAuthentication();
app.UseMvc();
}
}
But when I try to call the following action:
[Authorize]
[HttpGet]
[Route("api/Tokens")]
public IActionResult TestAuthorization()
{
return Ok("You're Authorized");
}
I get 404 not found. If I remove Authorize attribute it's working .
Could you please guide me to solve that issue?
It happens when your API is not authorized and your redirect URL doesn't exist. When authentication fails, Web API will send a 401 code. Now if you are handling this code on the client side and doing a redirect for an authorization failure, then make sure that the redirected Url exists. Also, Do not add the [Authorize] attribute to the controller that handles Authentication methods (Login/Register). Your culprit looks to be the Authorize attribute. Since you are using JWT authentication scheme. Your authorize attribute should be following
[Authorize(AuthenticationSchemes = "Bearer")]
[HttpGet]
[Route("api/Tokens")]
public IActionResult TestAuthorization()
{
return Ok("You're Authorized");
}
To make it default authentication scheme, Change AddIdentity to AddIdentityCore. here is a very good article.
Using JwtBearer Authentication in an API-only ASP.NET Core Project