DotNet Core 2.0 Web API - [Authorize] don't block

Question

My project is in DotNet Core Web Api. For authorize I use JWT ant Identity framework. First it worked only with JWT and [Authorize] attribute by controller:

[HttpGet]
[Authorize]
public IEnumerable<string> Get()
{
    return new string[] { "value1", "value2", "value3" };
}

After adding Identity, [Authorize] attribute don't check reaquests. My Startup.cs file:

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddDbContext<PaszoDbContext>();

        services.AddIdentity<IdentityUser, IdentityRole>(o => {
            o.Password.RequireDigit = false;
            o.Password.RequiredLength = 1;
            o.Password.RequireLowercase = false;
            o.Password.RequireUppercase = false;
            o.Password.RequireNonAlphanumeric = false;
        })
            .AddEntityFrameworkStores<PaszoDbContext>()
            .AddDefaultTokenProviders();

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidateAudience = true,
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true,
                    ValidIssuer = Configuration["Jwt:Issuer"],
                    ValidAudience = Configuration["Jwt:Issuer"],
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt:Key"]))
                };
            });
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }

        app.UseAuthentication();

        app.UseMvc();
    }
}

is services.AddIdentity conflict with services.AddAuthentication and app.UseAuthentication(); ?

Answer 1

The problem was in AddAuthentication options. I set it like:

    services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(options =>
            {
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidateAudience = true,
                    ValidateLifetime = true,
                    ValidateIssuerSigningKey = true,
                    ValidIssuer = Configuration["Jwt:Issuer"],
                    ValidAudience = Configuration["Jwt:Issuer"],
                    IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["Jwt:Key"]))
                };
            });

Now JWT working perfectly with Identity.

DotNet Core 2.0 Web API - [Authorize] don't block

Question

1 answers

solution1
0 ACCPTED 2018-03-08 05:31:24

DotNet Core 2.0 Web API - [Authorize] don't block

Question

1 answers

solution1 0 ACCPTED 2018-03-08 05:31:24

solution1
0 ACCPTED 2018-03-08 05:31:24