I'm trying to set up token-based authentication for my web-api. As of now i am generating the token correctly, but i'm having issues authorizing with the token. Using postman, i'm getting 401 Unauthorized on all posts. I have currently configured Jwt as follow:
Startup.cs
public class Startup { public Startup(IConfiguration configuration) { Configuration = configuration; } private IConfiguration Configuration { get; } public void ConfigureServices(IServiceCollection services) { services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(options => { options.TokenValidationParameters = new TokenValidationParameters { ValidateIssuer = true, ValidateAudience = true, ValidateLifetime = true, ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt:Key"])) }; }); services.AddMvc(); services.AddControllers(); services.AddSingleton<ITitleDataService, TitleDataService>(); services.AddSingleton<IPersonDataService, PersonDataService>(); services.AddSingleton<IUserDataService, UserDataService>(); services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies()); services.AddControllersWithViews() .AddNewtonsoftJson(options => options.SerializerSettings.ReferenceLoopHandling = Newtonsoft.Json.ReferenceLoopHandling.Ignore ); services.AddMvc().AddControllersAsServices(); } // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.UseRequestLogging(); app.UseRouting(); app.UseAuthentication(); app.UseAuthorization(); app.UseFileServer(); app.UseEndpoints(endpoints => { endpoints.MapControllers(); }); } } } This is my controller:
//LOGIN [HttpPost("user/login/")] public IActionResult Login(UserDto userDto) { var user = _dataService.Login(userDto.Username, userDto.Password); IActionResult response = Unauthorized(); if (user) { var tokenStr = GenerateJSONWebToken(userDto); response = Ok(new {tokenStr}); } else { return BadRequest("User not authorized"); } return response; } [Authorize] [HttpPost("post")] public string Post() { var identity = HttpContext.User.Identity as ClaimsIdentity; IList<Claim> claim = identity.Claims.ToList(); Console.WriteLine(claim.Count); var username = claim[0].Value; Console.WriteLine(username); return "Welcome to " + username; } [Authorize] [HttpGet("GetValue")] public ActionResult<IEnumerable<string>> Get() { return new string[] {"Value1", "Value2", "Value3"}; } private string GenerateJSONWebToken(UserDto userDto) { var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(_config["Jwt:Key"])); var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256); var claims = new[] { new Claim(JwtRegisteredClaimNames.Sub, userDto.Username), new Claim(JwtRegisteredClaimNames.Email, userDto.Password), new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()), }; var token = new JwtSecurityToken( issuer: "Issuer", audience: "Issuer", claims, expires: DateTime.Now.AddMinutes(120), signingCredentials: credentials); var encodetoken = new JwtSecurityTokenHandler().WriteToken(token); return encodetoken; } I have tried to rearrange the middleware pipeline without any luck. I have very little experience with tokens, and am therefore pretty lost on how to solve this. All suggestions are highly appreciated!
Best regards, Jesper
