Asp.NET Core authentication failing
up vote
0
down vote
favorite
I'm trying to add authentication to my app, frontend VueJS backend Asp.NET core 2.1 but I'm failing to get it to actually authenticate in the end.
Setting up the authentication in Asp.NET:
var key = Encoding.ASCII.GetBytes("mysecret");
services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(x =>
{
x.Events = new JwtBearerEvents
{
OnTokenValidated = context =>
{
var userService = context.HttpContext.RequestServices.GetRequiredService<IUserService>();
var userId = int.Parse(context.Principal.Identity.Name);
var user = userService.GetById(userId);
if (user == null)
{
// return unauthorized if user no longer exists
context.Fail("Unauthorized");
}
return Task.CompletedTask;
}
};
x.RequireHttpsMetadata = false;
x.SaveToken = true;
x.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false
};
});
// configure DI for application services
services.AddScoped<IUserService, UserService>();
My UserService is mocked to return the same hardcoded user always.
The frontend seems to be sending the correct token it gets from the backend when logging in:
But, I'm still getting rejected when calling authorized endpoints:
The server reports the following logs:
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[3]
Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
info: Microsoft.AspNetCore.Mvc.ChallengeResult[1]
Executing ChallengeResult with authentication schemes ().
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[2]
Successfully validated the token.
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[12]
AuthenticationScheme: Bearer was challenged.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
Executed action DnaBackend.Controllers.DnaController.UploadFile (DnaBackend) in 32.891ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 41.847ms 401
info: Microsoft.AspNetCore.Server.Kestrel[32]
Connection id "0HLIDVBUA1Q5P", Request id "0HLIDVBUA1Q5P:00000003": the application completed without reading the entire request body.
Any ideas why this is failing?
I'm using CORS too, if that makes any difference(?).
Login endpoint looks like so:
[HttpPost("login")]
public IActionResult Login([FromForm]LoginRequest loginRequest)
{
var user = _userService.Authenticate(loginRequest.Username, loginRequest.Password);
if (user == null)
return BadRequest(new { message = "Username or password is incorrect" });
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new
{
new Claim(ClaimTypes.Name, user.Id.ToString())
}),
Expires = DateTime.UtcNow.AddDays(7),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
var tokenString = tokenHandler.WriteToken(token);
// return basic user info (without password) and token to store client side
return Ok(new LoginResponse(user.Id, user.Username, user.FirstName, user.LastName, tokenString));
}
asp.net authentication
asked Nov 19 at 9:07
Roger Johansson
12.4k1465141
add a comment |
up vote
0
down vote
favorite
I'm trying to add authentication to my app, frontend VueJS backend Asp.NET core 2.1 but I'm failing to get it to actually authenticate in the end.
Setting up the authentication in Asp.NET:
var key = Encoding.ASCII.GetBytes("mysecret");
services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(x =>
{
x.Events = new JwtBearerEvents
{
OnTokenValidated = context =>
{
var userService = context.HttpContext.RequestServices.GetRequiredService<IUserService>();
var userId = int.Parse(context.Principal.Identity.Name);
var user = userService.GetById(userId);
if (user == null)
{
// return unauthorized if user no longer exists
context.Fail("Unauthorized");
}
return Task.CompletedTask;
}
};
x.RequireHttpsMetadata = false;
x.SaveToken = true;
x.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false
};
});
// configure DI for application services
services.AddScoped<IUserService, UserService>();
My UserService is mocked to return the same hardcoded user always.
The frontend seems to be sending the correct token it gets from the backend when logging in:
But, I'm still getting rejected when calling authorized endpoints:
The server reports the following logs:
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[3]
Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
info: Microsoft.AspNetCore.Mvc.ChallengeResult[1]
Executing ChallengeResult with authentication schemes ().
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[2]
Successfully validated the token.
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[12]
AuthenticationScheme: Bearer was challenged.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
Executed action DnaBackend.Controllers.DnaController.UploadFile (DnaBackend) in 32.891ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 41.847ms 401
info: Microsoft.AspNetCore.Server.Kestrel[32]
Connection id "0HLIDVBUA1Q5P", Request id "0HLIDVBUA1Q5P:00000003": the application completed without reading the entire request body.
Any ideas why this is failing?
I'm using CORS too, if that makes any difference(?).
Login endpoint looks like so:
[HttpPost("login")]
public IActionResult Login([FromForm]LoginRequest loginRequest)
{
var user = _userService.Authenticate(loginRequest.Username, loginRequest.Password);
if (user == null)
return BadRequest(new { message = "Username or password is incorrect" });
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new
{
new Claim(ClaimTypes.Name, user.Id.ToString())
}),
Expires = DateTime.UtcNow.AddDays(7),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
var tokenString = tokenHandler.WriteToken(token);
// return basic user info (without password) and token to store client side
return Ok(new LoginResponse(user.Id, user.Username, user.FirstName, user.LastName, tokenString));
}
asp.net authentication
asked Nov 19 at 9:07
Roger Johansson
12.4k1465141
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I'm trying to add authentication to my app, frontend VueJS backend Asp.NET core 2.1 but I'm failing to get it to actually authenticate in the end.
Setting up the authentication in Asp.NET:
var key = Encoding.ASCII.GetBytes("mysecret");
services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(x =>
{
x.Events = new JwtBearerEvents
{
OnTokenValidated = context =>
{
var userService = context.HttpContext.RequestServices.GetRequiredService<IUserService>();
var userId = int.Parse(context.Principal.Identity.Name);
var user = userService.GetById(userId);
if (user == null)
{
// return unauthorized if user no longer exists
context.Fail("Unauthorized");
}
return Task.CompletedTask;
}
};
x.RequireHttpsMetadata = false;
x.SaveToken = true;
x.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false
};
});
// configure DI for application services
services.AddScoped<IUserService, UserService>();
My UserService is mocked to return the same hardcoded user always.
The frontend seems to be sending the correct token it gets from the backend when logging in:
But, I'm still getting rejected when calling authorized endpoints:
The server reports the following logs:
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[3]
Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
info: Microsoft.AspNetCore.Mvc.ChallengeResult[1]
Executing ChallengeResult with authentication schemes ().
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[2]
Successfully validated the token.
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[12]
AuthenticationScheme: Bearer was challenged.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
Executed action DnaBackend.Controllers.DnaController.UploadFile (DnaBackend) in 32.891ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 41.847ms 401
info: Microsoft.AspNetCore.Server.Kestrel[32]
Connection id "0HLIDVBUA1Q5P", Request id "0HLIDVBUA1Q5P:00000003": the application completed without reading the entire request body.
Any ideas why this is failing?
I'm using CORS too, if that makes any difference(?).
Login endpoint looks like so:
[HttpPost("login")]
public IActionResult Login([FromForm]LoginRequest loginRequest)
{
var user = _userService.Authenticate(loginRequest.Username, loginRequest.Password);
if (user == null)
return BadRequest(new { message = "Username or password is incorrect" });
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new
{
new Claim(ClaimTypes.Name, user.Id.ToString())
}),
Expires = DateTime.UtcNow.AddDays(7),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
var tokenString = tokenHandler.WriteToken(token);
// return basic user info (without password) and token to store client side
return Ok(new LoginResponse(user.Id, user.Username, user.FirstName, user.LastName, tokenString));
}
asp.net authentication
asked Nov 19 at 9:07
Roger Johansson
12.4k1465141
I'm trying to add authentication to my app, frontend VueJS backend Asp.NET core 2.1 but I'm failing to get it to actually authenticate in the end.
Setting up the authentication in Asp.NET:
var key = Encoding.ASCII.GetBytes("mysecret");
services.AddAuthentication(x =>
{
x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(x =>
{
x.Events = new JwtBearerEvents
{
OnTokenValidated = context =>
{
var userService = context.HttpContext.RequestServices.GetRequiredService<IUserService>();
var userId = int.Parse(context.Principal.Identity.Name);
var user = userService.GetById(userId);
if (user == null)
{
// return unauthorized if user no longer exists
context.Fail("Unauthorized");
}
return Task.CompletedTask;
}
};
x.RequireHttpsMetadata = false;
x.SaveToken = true;
x.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(key),
ValidateIssuer = false,
ValidateAudience = false
};
});
// configure DI for application services
services.AddScoped<IUserService, UserService>();
My UserService is mocked to return the same hardcoded user always.
The frontend seems to be sending the correct token it gets from the backend when logging in:
But, I'm still getting rejected when calling authorized endpoints:
The server reports the following logs:
Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
Authorization failed.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[3]
Authorization failed for the request at filter 'Microsoft.AspNetCore.Mvc.Authorization.AuthorizeFilter'.
info: Microsoft.AspNetCore.Mvc.ChallengeResult[1]
Executing ChallengeResult with authentication schemes ().
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[2]
Successfully validated the token.
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[12]
AuthenticationScheme: Bearer was challenged.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
Executed action DnaBackend.Controllers.DnaController.UploadFile (DnaBackend) in 32.891ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 41.847ms 401
info: Microsoft.AspNetCore.Server.Kestrel[32]
Connection id "0HLIDVBUA1Q5P", Request id "0HLIDVBUA1Q5P:00000003": the application completed without reading the entire request body.
Any ideas why this is failing?
I'm using CORS too, if that makes any difference(?).
Login endpoint looks like so:
[HttpPost("login")]
public IActionResult Login([FromForm]LoginRequest loginRequest)
{
var user = _userService.Authenticate(loginRequest.Username, loginRequest.Password);
if (user == null)
return BadRequest(new { message = "Username or password is incorrect" });
var tokenHandler = new JwtSecurityTokenHandler();
var key = Encoding.ASCII.GetBytes(_appSettings.Secret);
var tokenDescriptor = new SecurityTokenDescriptor
{
Subject = new ClaimsIdentity(new
{
new Claim(ClaimTypes.Name, user.Id.ToString())
}),
Expires = DateTime.UtcNow.AddDays(7),
SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(key), SecurityAlgorithms.HmacSha256Signature)
};
var token = tokenHandler.CreateToken(tokenDescriptor);
var tokenString = tokenHandler.WriteToken(token);
// return basic user info (without password) and token to store client side
return Ok(new LoginResponse(user.Id, user.Username, user.FirstName, user.LastName, tokenString));
}
asp.net authentication
asp.net authentication
asked Nov 19 at 9:07
Roger Johansson
12.4k1465141
asked Nov 19 at 9:07
Roger Johansson
12.4k1465141
asked Nov 19 at 9:07
Roger Johansson
12.4k1465141
asked Nov 19 at 9:07
Roger Johansson
12.4k1465141
asked Nov 19 at 9:07
Roger Johansson
12.4k1465141
12.4k1465141
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
This turned out to be a case of just missing an app.UseAuthentication() in startup.cs
Not completely super intuivitve by ASP.NET to require this when you have also configured services using AddAuthentication.
So if anyone else have the same problem, you know why now :-)
answered Nov 19 at 10:07
Roger Johansson
12.4k1465141
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
This turned out to be a case of just missing an app.UseAuthentication() in startup.cs
Not completely super intuivitve by ASP.NET to require this when you have also configured services using AddAuthentication.
So if anyone else have the same problem, you know why now :-)
answered Nov 19 at 10:07
Roger Johansson
12.4k1465141
add a comment |
up vote
0
down vote
This turned out to be a case of just missing an app.UseAuthentication() in startup.cs
Not completely super intuivitve by ASP.NET to require this when you have also configured services using AddAuthentication.
So if anyone else have the same problem, you know why now :-)
answered Nov 19 at 10:07
Roger Johansson
12.4k1465141
add a comment |
up vote
0
down vote
up vote
0
down vote
This turned out to be a case of just missing an app.UseAuthentication() in startup.cs
Not completely super intuivitve by ASP.NET to require this when you have also configured services using AddAuthentication.
So if anyone else have the same problem, you know why now :-)
answered Nov 19 at 10:07
Roger Johansson
12.4k1465141
This turned out to be a case of just missing an app.UseAuthentication() in startup.cs
Not completely super intuivitve by ASP.NET to require this when you have also configured services using AddAuthentication.
So if anyone else have the same problem, you know why now :-)
answered Nov 19 at 10:07
Roger Johansson
12.4k1465141
answered Nov 19 at 10:07
Roger Johansson
12.4k1465141
answered Nov 19 at 10:07
Roger Johansson
12.4k1465141
answered Nov 19 at 10:07
Roger Johansson
12.4k1465141
12.4k1465141
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53371337%2fasp-net-core-authentication-failing%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
