ASP.NET CORE REST API (401 Unauthorized)

Question

---

I'm getting troubles with the publishing of my REST API made in ASP.NET CORE.

When I'm debugging my code in the localhost, it's all right.

But when I want to publish it in IIS 10.0, I can navigate into the swagger UI.

Nevertheless, if I want to use a Get method that allows anonymous authorization, I get 401 error.

Please help this poor and junior soul. If you need some more information, please ask me

Answer 1

I'm using JwtBearer and this is my startup.cs code:

---

 public class Startup
{
    private readonly string _myPolicy = "_myPolicy";
    public  Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = Microsoft.AspNetCore.Http.SameSiteMode.None;

        });



        services.AddAuthentication(x =>
        {
            x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            x.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
            x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        }).AddJwtBearer(x =>
        {
            x.RequireHttpsMetadata = false;
            x.SaveToken = true;
            x.TokenValidationParameters = new TokenValidationParameters
            {
               //My secret parameters
                ClockSkew = TimeSpan.Zero
            };
        });
        services.Configure<MvcOptions>(options => options.Filters.Add(new CorsAuthorizationFilterFactory(_myPolicy)));

        services.AddSwaggerGen(config =>
        {
            config.SwaggerDoc("V1", new Info
            {
                Title = "MiApi",
                Version = "V1",

            });
        });
        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
        ConfigurationService(services);
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        app.UseSwagger();
        app.UseSwaggerUI(config =>
        {
            config.SwaggerEndpoint("/swagger/V1/swagger.json", "MiApiV1");
            config.OAuthUseBasicAuthenticationWithAccessCodeGrant();
        });
        app.Use(next => async context => {
            try
            {
                await next(context);
            }

            catch
            {
                // If the headers have already been sent, you can't replace the status code.
                // In this case, throw an exception to close the connection.
                if (context.Response.HasStarted)
                {
                    throw;
                }

                context.Response.StatusCode = 401;
            }
        });
        app.UseAuthentication();

        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
            app.UseHsts();
        }


        app.UseStaticFiles();
        app.UseCookiePolicy();

        app.UseMvc(routes =>
        {
            routes.MapRoute(name: "default", template: "{controller-home}/{action = Index}/{id?}");
        });


        app.UseMvc();
    }
}

---

Besides, if you have a piece of advice to me about my code, it's welcome.