
401 Unauthorized error on subsequent REST API requests

I am getting a 401 Unauthorized error on subsequent REST API requests, after the 1st successful response with 200 OK. See the steps to reproduce below.

Steps to Reproduce:

  1. Authenticate and Get Authorization Token - Successful

  2. Submit First API Request - Successful

  3. Submit Subsequent API Request - 401 Unauthorized

Note: This works fine when I debug locally or deploy on Azure. However, I get 401 Unauthorized in one of my hosting environments, and the support staff are giving me a hard time and are not able to resolve this issue.

Note: You may see a different bearer token in my screenshots, but I am passing the same token in all requests.

  • Why is it giving issues only on 1 hosting environment and on subsequent requests?
  • Do I need any specific changes to my web.config file so that my subsequent requests are recognized with the same bearer token?

Update-1: Below is the response from both my domain (401) and Azure (200 OK), put side by side. I see Azure additionally sends ARRAffinity and ARRAffinitySameSite in cookies. Hope this info might help.

I was missing the Machine Key in my web.config file, which is needed for a web farm, as my hosting environment uses 3 nameservers; it didn't recognize the token from the 2nd request onward.

From MS Docs: If you deploy application in a Web farm, you must ensure that the configuration files on each server share the same value for validationKey and decryptionKey for Machine Key, which are used for hashing and decryption respectively. This is required as you can't guarantee which server will handle successive requests.

MS Docs: Webfarm Deployment Considerations
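The failure described above can be reproduced with a small model of a three-server farm. This is an added example, not code from the post or from ASP.NET: the HMAC-signed token format, the `Node` class, the node names and the request route are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, os

class Node:
    """One server in the farm (hypothetical model).
    `key` plays the role of machineKey's validationKey."""
    def __init__(self, name, validation_key=None):
        self.name = name
        # No key configured: the node generates its own, unknown to its peers.
        self.key = validation_key or os.urandom(32)

    def _mac(self, body):
        return hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()

    def issue(self, user):
        """Return a signed bearer token: base64(payload) + '.' + HMAC."""
        body = base64.urlsafe_b64encode(json.dumps({"sub": user}).encode())
        return body + b"." + self._mac(body)

    def handle(self, token):
        """Validate the token with this node's key; 200 if valid, else 401."""
        body, _, mac = token.partition(b".")
        return 200 if hmac.compare_digest(mac, self._mac(body)) else 401

def farm(shared_key=None, size=3):
    """Build `size` nodes; with shared_key=None each node has its own key."""
    return [Node(f"web{i}", shared_key) for i in range(size)]

# Constructed sample: node chosen by the balancer for the login, then 5 API calls.
ROUTE = [0, 0, 1, 2, 0, 1]

def replay(nodes, route=ROUTE):
    """Log in on route[0], then send the same token to each later node."""
    token = nodes[route[0]].issue("alice")
    return [nodes[i].handle(token) for i in route[1:]]

if __name__ == "__main__":
    print("per-node keys:", replay(farm()))                 # mixed 200/401
    print("shared key   :", replay(farm(os.urandom(32))))   # all 200
```

A route of all zeros, which is what a session-affinity cookie such as the ARRAffinity one in Update-1 produces, returns 200 for every call even with per-node keys, so the key mismatch stays hidden on that host.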
