
Auth0 authorization to ASP.NET Core API

I started working on an Angular 2 + ASP.NET Core application and started implementing Auth0. I created a client application and a user.

Here is the client application setup, with the URL provided for the API:


User login works fine:


Now I have an API with this controller:

    [Route("api")]
    public class PingController : Controller
    {
        [Authorize]
        [HttpGet]
        [Route("ping/secure")]
        public string PingSecured()
        {
            return "All good. You only get this message if you are authenticated.";
        }
    }

And in Startup.cs I tried implementing it like this:

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        loggerFactory.AddConsole(Configuration.GetSection("Logging"));
        loggerFactory.AddDebug();

        var options = new JwtBearerOptions
        {
            Audience = "uUdThU122xYPugR8gLoNTr3HdJ6sWvQV",
            Authority = "https://dntquitpls.eu.auth0.com/",

        };

        if (env.IsDevelopment())
        {
            app.UseBrowserLink();
            app.UseDeveloperExceptionPage();
        };

        app.UseJwtBearerAuthentication(options);

        app.UseCors(builder =>
                    builder.WithOrigins("http://localhost:61290/").AllowAnyOrigin()
                           .AllowAnyHeader()
                           .AllowAnyMethod()
                    );

        app.UseDefaultFiles();

        app.UseStaticFiles();

        app.UseMvc(routes =>
        {
            routes.MapWebApiRoute("defaultApi",
                                  "api/{controller}/{id?}");
        });
    }

And it does not work; I am getting this:


The API part was done following the Auth0 API tutorial. For example, if I create an API and there is a test Bearer token, it works with that in the API. I also configured the Startup.cs file according to that API, but unfortunately it does not work with my Bearer token from the response.

Any ideas why it does not work and why I am not getting authorized?

Found a solution, now it works. The problem was in the Startup.cs file, in the options for HS256 encoding, which is used for UseJwtBearerAuthentication. Solution:

    // HS256 tokens are verified with the client secret as a symmetric key.
    var keyAsBytes = Encoding.ASCII.GetBytes("CLIENT_SECRET");

    var options = new JwtBearerOptions
    {
        TokenValidationParameters =
        {
            ValidIssuer = "https://dntquitpls.eu.auth0.com/",
            ValidAudience = "uUdThU122xYPugR8gLoNTr3HdJ6sWvQV",
            IssuerSigningKey = new SymmetricSecurityKey(keyAsBytes)
        }
    };
    app.UseJwtBearerAuthentication(options);

Source:

http://www.jerriepelser.com/blog/using-roles-with-the-jwt-middleware/

If you want to work with RS256 encoding, use this:

        var certificationData = Configuration["auth0:certificate"];
        var certificate = new X509Certificate2(Convert.FromBase64String(certificationData));

        var options = new JwtBearerOptions()
        {
            Audience = Configuration["auth0:clientId"],
            Authority = Configuration["auth0:authority"],
            AutomaticChallenge = true,
            AutomaticAuthenticate = true,

            TokenValidationParameters = {
                ValidIssuer = Configuration["auth0:authority"],
                ValidAudience = Configuration["auth0:clientId"],
                IssuerSigningKey = new X509SecurityKey(certificate)
            }
        };

        app.UseJwtBearerAuthentication(options);
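
As an added example (not part of the original post, and not Auth0's or Microsoft's code): a small console check that decodes a token's header and claims and lists why validation settings like the ones above would reject it, such as an HS256 token arriving where no symmetric key is configured. It assumes .NET 6 or later; `JwtTriage`, `Diagnose`, and the issuer, audience and secret in `Main` are hypothetical, constructed values.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class JwtTriage // hypothetical name; a debugging aid, not a replacement for the middleware
{
    static string Enc(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] Dec(string s) => Convert.FromBase64String(
        s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    static byte[] Sign(string input, byte[] key) => HMACSHA256.HashData(key, Encoding.ASCII.GetBytes(input));
    // A claim matches if it is the wanted string or an array containing it (aud may be either).
    static bool Has(JsonElement root, string name, string want) =>
        root.TryGetProperty(name, out var v) && (v.ValueKind == JsonValueKind.Array
            ? v.EnumerateArray().Any(x => x.ToString() == want) : v.ToString() == want);

    // Lists the reasons the given settings would reject the token. hsKey == null models a
    // setup with no symmetric key. RS256 signatures are not checked here.
    public static List<string> Diagnose(string jwt, string issuer, string audience, byte[] hsKey)
    {
        var problems = new List<string>();
        var p = jwt.Split('.');
        if (p.Length != 3) { problems.Add("not a three-part signed JWT"); return problems; }
        using var header = JsonDocument.Parse(Encoding.UTF8.GetString(Dec(p[0])));
        using var claims = JsonDocument.Parse(Encoding.UTF8.GetString(Dec(p[1])));
        var alg = header.RootElement.TryGetProperty("alg", out var a) ? a.ToString() : null;
        if (alg == "HS256" && hsKey == null)
            problems.Add("alg is HS256 but no symmetric key is configured");
        else if (alg == "HS256" && !CryptographicOperations.FixedTimeEquals(Sign(p[0] + "." + p[1], hsKey), Dec(p[2])))
            problems.Add("HS256 signature does not match the configured secret");
        else if (alg != "HS256" && alg != "RS256")
            problems.Add("unexpected alg: " + alg);
        if (!Has(claims.RootElement, "iss", issuer)) problems.Add("iss does not equal ValidIssuer");
        if (!Has(claims.RootElement, "aud", audience)) problems.Add("aud does not equal ValidAudience");
        return problems;
    }

    static void Main()
    {
        var secret = Encoding.ASCII.GetBytes("constructed-demo-secret"); // constructed sample values throughout
        var body = Enc(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}")) + "." +
                   Enc(Encoding.UTF8.GetBytes("{\"iss\":\"https://tenant.example/\",\"aud\":\"demo-client-id\"}"));
        var jwt = body + "." + Enc(Sign(body, secret));
        // Three configurations: no symmetric key, wrong secret, correct secret.
        foreach (var key in new byte[][] { null, Encoding.ASCII.GetBytes("wrong-secret"), secret })
            Console.WriteLine(string.Join("; ", Diagnose(jwt, "https://tenant.example/", "demo-client-id", key)
                .DefaultIfEmpty("token accepted")));
    }
}
```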
