17

I am trying to use bearer-token-based authentication in a simple .NET Core Web API project. Here is my Startup.cs:

    app.UseMvc();
    //---
    const string secretKey = "mysupersecret_secretkey!123";
    SymmetricSecurityKey signingKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secretKey));
    SigningCredentials signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
    //---
    const string audience = "Audience";
    const string issuer = "Issuer";
    //---
    TokenValidationParameters tokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = signingKey,
        ValidateIssuer = false,
        ValidIssuer = issuer,
        ValidateAudience = true,
        ValidAudience = audience,
        ValidateLifetime = true,
        ClockSkew = TimeSpan.Zero,
        AuthenticationType = JwtBearerDefaults.AuthenticationScheme
    };
    //---
    app.UseJwtBearerAuthentication(new JwtBearerOptions
    {
        AutomaticAuthenticate = true,
        AutomaticChallenge = true,
        TokenValidationParameters = tokenValidationParameters,
        AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme,
    });

I also added the AuthorizeAttribute to the controller's action:

    [HttpGet]
    [Authorize(ActiveAuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
    public IEnumerable<string> Get()
    {
        return new[] { "value1", "value2" };
    }

But when I try to send a GET request with the header Authorization: Bearer [TOKEN], I get an exception:

System.InvalidOperationException: No authentication handler is configured to authenticate for the scheme: Bearer at Microsoft.AspNetCore.Http.Authentication.Internal.DefaultAuthenticationManager. 

So what is this 'authentication handler'? Where do I need to set this handler?

2 Answers

28

In ASP.NET Core, the order of the middleware matters: they are executed in the same order as they are registered. Here, app.UseMvc() is called before the JWT bearer middleware, so this can't work.

Put app.UseMvc() at the end of your pipeline and it should work:

    app.UseJwtBearerAuthentication(new JwtBearerOptions
    {
        AutomaticAuthenticate = true,
        AutomaticChallenge = true,
        TokenValidationParameters = tokenValidationParameters,
        AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme,
    });
    app.UseMvc();

1 Comment

This is not working anymore as it's obsolete. I'm still hunting for a solution.
6

For .NET Core 3.0 you would need:

In ConfigureServices(IServiceCollection services):

    services.AddAuthentication()
        .AddJwtBearer(options =>
        {
            options.Authority = issuer;
            options.Audience = audience;
            options.TokenValidationParameters = tokenValidationParameters;
        });

In Configure(IApplicationBuilder app, IWebHostEnvironment env):

    // Add it after app.UseRouting() and before app.UseEndpoints()!
    // Order of middlewares is important!
    app.UseAuthentication();
    app.UseAuthorization();

PS: To omit the authentication scheme in the [Authorize] attribute, you could set the default authentication scheme in ConfigureServices(IServiceCollection services) through the AuthenticationOptions options:

    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    });
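
The pieces from the answers above assembled into one ASP.NET Core 3.x Startup class, as an added example that is not part of the original posts: it registers the Bearer handler as the default scheme and places the authentication middleware between routing and endpoints. The configuration keys Jwt:Key, Jwt:Issuer and Jwt:Audience are hypothetical names; the example also turns issuer validation on and leaves Authority unset because the signing key is supplied locally.

```csharp
using System;
using System.Text;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    private readonly IConfiguration _config;
    public Startup(IConfiguration config) => _config = config;

    public void ConfigureServices(IServiceCollection services)
    {
        // Hypothetical configuration keys; the signing key is read from
        // configuration (user secrets, environment) instead of a source constant.
        var keyBytes = Encoding.UTF8.GetBytes(_config["Jwt:Key"]
            ?? throw new InvalidOperationException("Jwt:Key is not configured"));
        if (keyBytes.Length < 32) // RFC 7518: HS256 needs a key of at least 256 bits
            throw new InvalidOperationException("Jwt:Key is shorter than 256 bits");
        // Registers the "Bearer" handler and makes it the default scheme,
        // so a plain [Authorize] on a controller action is enough.
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuerSigningKey = true,
                    IssuerSigningKey = new SymmetricSecurityKey(keyBytes),
                    ValidateIssuer = true,
                    ValidIssuer = _config["Jwt:Issuer"],
                    ValidateAudience = true,
                    ValidAudience = _config["Jwt:Audience"],
                    ValidateLifetime = true,
                    ClockSkew = TimeSpan.Zero
                };
            });
        services.AddControllers();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();  // builds HttpContext.User from the Bearer token
        app.UseAuthorization();   // enforces [Authorize]; must run after UseAuthentication
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}
```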
