I am trying to validate a JWT, but I still get a 401 error.
This is my code:
Program.cs:
// Registers the Swagger document and a "Bearer" security scheme so that Swagger UI
// can attach an Authorization header to the requests it sends.
builder.Services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new OpenApiInfo { Title = "JWTToken_Auth_Api", Version = "v1" });
// The scheme is declared as an API key carried in the "Authorization" request header.
// NOTE(review): with SecuritySchemeType.ApiKey, Swagger UI sends the entered text unchanged,
// so the value has to be typed as "Bearer <token>" (as the Description below says).
// A bare token without the prefix is not picked up by the JWT bearer handler and the
// protected endpoint answers 401 - confirm what is actually sent in the header.
c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
{
// Verbatim string: the \r\n sequences and the line breaks below are emitted literally.
Description = @"JWT Authorization header using the Bearer scheme. \r\n\r\n
Enter 'Bearer' [space] and then your token in the text input below.
\r\n\r\nExample: 'Bearer 12345abcdef'",
Name = "Authorization",
In = ParameterLocation.Header,
Type = SecuritySchemeType.ApiKey,
// NOTE(review): in the OpenAPI specification bearerFormat and scheme belong to
// http-type schemes; presumably they have no effect on an apiKey scheme - confirm.
BearerFormat = "JWT",
Scheme = "bearer"
});
// Attaches the "Bearer" scheme defined above as a requirement of the document, by reference.
c.AddSecurityRequirement(new OpenApiSecurityRequirement()
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "Bearer"
}
},
// No scopes are listed for this requirement.
new string[]{ }
}
});
});
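// Registers JWT bearer authentication as the default scheme. Incoming tokens are checked for
// issuer, audience and lifetime, and their signature is verified with the shared "Jwt:Key" secret.
// NOTE(review): the request pipeline is not shown here. A 401 for an otherwise valid token is
// commonly caused by app.UseAuthentication() being absent or placed after app.UseAuthorization();
// verify the middleware order.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>
{
    // Report a missing secret explicitly instead of surfacing a null-argument error from GetBytes.
    var signingSecret = builder.Configuration["Jwt:Key"];
    if (string.IsNullOrEmpty(signingSecret))
    {
        throw new System.InvalidOperationException("Configuration value 'Jwt:Key' is missing or empty.");
    }

    // Relaxes the HTTPS requirement for authority/metadata retrieval. No authority is configured
    // in this block; keep this at false for local development only.
    options.RequireHttpsMetadata = false;
    options.SaveToken = true;
    // Adds the validation failure reason to the WWW-Authenticate header of a 401 response.
    // Read that header when diagnosing a rejected token; consider turning it off in production.
    options.IncludeErrorDetails = true;
    options.TokenValidationParameters = new TokenValidationParameters()
    {
        ValidateIssuer = true,
        ValidateAudience = true,
        ValidateLifetime = true,
        // Was false. This flag controls validation of the key that signed the token, not the
        // signature check itself, but enabling it is the hardened setting and costs nothing
        // with a symmetric key.
        ValidateIssuerSigningKey = true,
        // Issuer and audience must match the values the token was issued with exactly.
        ValidAudience = builder.Configuration["Jwt:Audience"],
        ValidIssuer = builder.Configuration["Jwt:Issuer"],
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(signingSecret))
    };
});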
Inside my controller, I created a function to get the token value:
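/// <summary>
/// Builds a JWT for the given user, signed with HMAC-SHA256 using the "Jwt:Key"
/// configuration value and expiring 10 minutes after it is issued.
/// </summary>
/// <param name="loginUser">User whose login, name and e-mail are copied into the token's claims.</param>
/// <returns>The token in its compact serialized form.</returns>
/// <exception cref="InvalidOperationException">The "Jwt:Key" configuration value is missing or empty.</exception>
[NonAction]
public string GetToken(LoginUser loginUser)
{
    // Report a missing secret explicitly instead of surfacing a null-argument error from GetBytes.
    var secret = _configuration["Jwt:Key"];
    if (string.IsNullOrEmpty(secret))
    {
        throw new InvalidOperationException("Configuration value 'Jwt:Key' is missing or empty.");
    }

    // The payload of a JWT is only signed, not encrypted: anyone who holds the token can read
    // the name and e-mail claims below. Keep the claim set to what the consumers need.
    var claims = new[]
    {
        new Claim(JwtRegisteredClaimNames.Sub, _configuration["Jwt:Subject"]),
        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
        // "iat" is defined as a NumericDate (seconds since the Unix epoch). The previous
        // DateTime.UtcNow.ToString() produced a culture-dependent date string instead.
        new Claim(
            JwtRegisteredClaimNames.Iat,
            DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(),
            ClaimValueTypes.Integer64),
        new Claim("UserId", loginUser.UserLogin),
        new Claim("Name", loginUser.FirstName + " " + loginUser.LastName),
        new Claim("Email", loginUser.Email)
    };

    // The same secret and algorithm family must be configured on the validating side.
    // The token library rejects keys that are too short for HMAC-SHA256.
    var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));
    var credentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);

    var jwt = new JwtSecurityToken(
        _configuration["Jwt:Issuer"],
        _configuration["Jwt:Audience"],
        claims,
        expires: DateTime.UtcNow.AddMinutes(10),
        signingCredentials: credentials);

    return new JwtSecurityTokenHandler().WriteToken(jwt);
}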
After logging in and getting the token value, when I try to access the other API service, I get this error:
Please tell me - what am I doing wrong?
Try using the SecurityTokenDescriptor class to create the security token.
It contains the information used to create a security token.
Try modifying your code slightly, like this:
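// Body of GetToken rewritten around SecurityTokenDescriptor: the descriptor carries issuer,
// audience, subject claims, timestamps and signing credentials, and the handler turns it into a JWT.
var issuedAt = DateTime.UtcNow;

// The payload of a JWT is only signed, not encrypted: anyone who holds the token can read
// the name and e-mail claims below.
var claims = new[]
{
    new Claim(JwtRegisteredClaimNames.Sub, _configuration["Jwt:Subject"]),
    new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
    new Claim("UserId", loginUser.UserLogin),
    new Claim("Name", loginUser.FirstName + " " + loginUser.LastName),
    new Claim("Email", loginUser.Email)
};

var signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_configuration["Jwt:Key"]));
var credentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);

var descriptor = new SecurityTokenDescriptor
{
    // The original line ended in a doubled comma (",,"), which does not compile.
    Issuer = _configuration["Jwt:Issuer"],
    Audience = _configuration["Jwt:Audience"],
    Subject = new ClaimsIdentity(claims),
    // "iat" is supplied through the descriptor so it is written as a numeric date rather than
    // as the culture-dependent string DateTime.UtcNow.ToString() used to produce.
    IssuedAt = issuedAt,
    Expires = issuedAt.AddMinutes(10),
    SigningCredentials = credentials
};

// One handler instance is enough for both creating and serializing the token.
var handler = new JwtSecurityTokenHandler();
var jwt = handler.CreateToken(descriptor);
return handler.WriteToken(jwt);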