Web API not authorized when using JwtBearerAuthenticationOptions


I have taken section 2 from a walkthrough on how to authorize with JWT so that I can get an access token from my client and authorize them to use the API. However, I can't seem to get this to work. I keep getting a 401 from Postman accompanied by:

{
  "Message": "Authorization has been denied for this request."
}

Tutorial Link: http://bitoftech.net/2014/10/27/json-web-token-asp-net-web-api-2-jwt-owin-authorization-server/

The access token comes from an authorization service I have created in Java, so the first section of the tutorial does not apply to me.

JWT

{
  "exp": 1489641048,
  "user_name": "testuser",
  "authorities": [
    "USER"
  ],
  "jti": "2dde11c3-2f06-496c-9b36-4dbf71cdc2e2",
  "client_id": "webreport_service",
  "scope": [
    "USER"
  ]
}

Web API code snippet

using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Jwt;
using Owin;

public void ConfigureOAuth(IAppBuilder app)
{
    // Value the middleware expects to find in the token's "aud" claim
    var audience = "webreport_service";

    // Api controllers with an [Authorize] attribute will be validated with JWT
    app.UseJwtBearerAuthentication(
        new JwtBearerAuthenticationOptions
        {
            AuthenticationMode = AuthenticationMode.Active,
            AllowedAudiences = new[] { audience },
            IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
            {
                // First argument: the issuer the token's "iss" claim is matched against.
                // Second argument: the HMAC signing key; this provider decodes the string
                // as base64url text rather than using its raw characters.
                new SymmetricKeyIssuerSecurityTokenProvider("Any", "abc123")
            }
        });
}

It is slightly different from what is on the link in section 2, but that is because I don't base64-encode my secret and I also do not put the issuer in my JWT.

Postman

GET /api/protected HTTP/1.1
Host: localhost:54706
Authenticate: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0ODk2NDEyOTAsInVzZXJfbmFtZSI6InRlc3R1c2VyIiwiYXV0aG9yaXRpZXMiOlsiVVNFUiJdLCJqdGkiOiJlMDNkNWZmZC1hZWI4LTRkODctOGQ3My0zNjhjYjQ2ZDg2OWUiLCJjbGllbnRfaWQiOiJ3ZWJyZXBvcnRfc2VydmljZSIsInNjb3BlIjpbIlVTRVIiXX0.C4hivwA1VF-0GO0xCVUoDIheWQWlAcVWvAzChZTgrHY
Cache-Control: no-cache
Postman-Token: ff628109-d5f4-76e0-41c2-e0c7d377b93f

Any help would be greatly appreciated.

Thanks!


Deco Lee Taek Ho

I think you should check the following:

Firstly:

Check your base64 secret. Is 'abc123' correct? I checked your token on the jwt.io website with your secret, but it gives "Invalid Signature".

Secondly:

Check your payload values. What is the 'iss' in your JWT payload? Your issuer validation is set to 'Any'.

What is the 'aud' in your JWT payload? Your audience validation is set to 'webreport_service'.

Think about it.

Best regards
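The three checks the answer lists (signature, 'iss', 'aud'), plus expiry and the header the bearer middleware actually reads, written out as a small stdlib Python verifier so each failure can be seen on its own. This is an added example, not code from the question, the answer, or the OWIN middleware: `mint_hs256`, `validate_jwt`, `extract_bearer`, the shared secret b"abc123" and the fixed clock value are all constructed here; the claim set only mirrors the shape of the question's token (no "iss", no "aud", a "client_id" instead).

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed example: an HS256 JWT verifier that reports every reason a token
# would be rejected, so signature, issuer and audience problems show up separately.


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_hs256(claims: dict, key: bytes) -> str:
    """Build an HS256 token the way a small authorization server would (constructed helper)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def extract_bearer(headers: dict):
    """Return the bearer token from the Authorization header, or None.
    Bearer middleware reads only 'Authorization'; any other header name is ignored."""
    for name, value in headers.items():
        if name.lower() == "authorization" and value.startswith("Bearer "):
            return value[len("Bearer "):].strip()
    return None


def validate_jwt(token: str, key: bytes, expected_issuer: str, allowed_audiences, now=None):
    """Return the list of reasons the token is rejected; an empty list means accepted."""
    problems = []
    parts = token.split(".")
    if len(parts) != 3:
        return ["malformed: expected header.payload.signature"]
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        provided_sig = b64url_decode(sig_b64)
    except ValueError:
        return ["malformed: header, payload or signature is not base64url JSON"]
    # 1. Signature: only HS256 with the shared key is accepted ("none" is rejected here).
    if header.get("alg") != "HS256":
        problems.append("alg: unsupported algorithm %r" % header.get("alg"))
    else:
        expected_sig = hmac.new(key, (header_b64 + "." + payload_b64).encode("ascii"),
                                hashlib.sha256).digest()
        if not hmac.compare_digest(expected_sig, provided_sig):
            problems.append("signature: does not verify with the configured key")
    # 2. Issuer: the "iss" claim must equal the configured issuer string exactly.
    if claims.get("iss") != expected_issuer:
        problems.append("iss: got %r, expected %r" % (claims.get("iss"), expected_issuer))
    # 3. Audience: "aud" may be a string or a list; one entry must be in the allowed set.
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else ([aud] if aud is not None else [])
    if not any(a in allowed_audiences for a in aud_list):
        problems.append("aud: got %r, allowed %r" % (aud, list(allowed_audiences)))
    # 4. Expiry: "exp" must be present and in the future.
    now = time.time() if now is None else now
    if "exp" not in claims or claims["exp"] < now:
        problems.append("exp: missing or expired")
    return problems


def demo():
    """Run the verifier over constructed tokens; returns the per-case problem lists."""
    key = b"abc123"                      # constructed shared secret, used as raw bytes
    now = 1489640000                     # constructed clock, shortly before the exp below
    expected_issuer, audiences = "Any", ["webreport_service"]
    # Claim shape of the question's token: no "iss", no "aud", "client_id" instead.
    claims = {"exp": 1489641048, "user_name": "testuser", "authorities": ["USER"],
              "client_id": "webreport_service", "scope": ["USER"]}
    token = mint_hs256(claims, key)
    return {
        # signature is fine, but iss and aud are missing
        "as_issued": validate_jwt(token, key, expected_issuer, audiences, now),
        # same token, but the verifier treats the secret as base64url text
        "key_decoded_as_base64url": validate_jwt(token, b64url_decode("abc123"),
                                                 expected_issuer, audiences, now),
        # token re-minted with matching iss and aud claims
        "with_iss_and_aud": validate_jwt(mint_hs256(dict(claims, iss="Any", aud="webreport_service"), key),
                                         key, expected_issuer, audiences, now),
        # header name matters: only 'Authorization' carries the bearer token
        "bearer_from_authenticate_header": extract_bearer({"Authenticate": "Bearer " + token}),
        "bearer_from_authorization_header": extract_bearer({"Authorization": "Bearer " + token}) == token,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running `demo()` shows the cases side by side: a token shaped like the one in the question verifies its signature and still fails on 'iss' and 'aud'; the same token fails the signature check as soon as the verifier decodes the secret as base64url instead of using the raw characters; and a token carrying `iss` and `aud` that match the configured values passes every check. The last two entries show that a bearer token sent in any header other than `Authorization` is never seen by the verifier at all.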