Auth0 .Net Core 5 API Keep returning 401-Unauthorirezd
Question
I'm trying to secure an.Net Core 5 API, with Auth0. But I've some difficulties. I'm working on this form some days now without success.
The API keep returning me "401 Unauthorized". I'm testing the API with Postman Windows App.
For the moment I'm messing with the default API template WeatherForecast from Visual Studio 2019
Calling the public method/EndPoint work fine (http://localhost:20741/WeatherForecast/public)
I'm requesting a token with Postman, witch I supply to the GET Request as a Bearer Token. But When I call the private endpoing (http://localhost:20741/WeatherForecast/private) I keep getting the 401 error.
I've downloaded the sample.Net Core 3.0 project from Auth0 web site and Private or public endpoint work fine. and I'm using the same Audience and Authority on both project. I think it has something to do the.Net Core 5 config or something
Can someone help me please.
Here some code:
namespace AuthWebApplication1
{
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.OpenApi.Models;
using WebAPIApplication;
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers();
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new OpenApiInfo { Title = "AuthWebApplication1", Version = "v1" });
});
services.AddCors(options =>
{
options.AddPolicy("AllowSpecificOrigin",
builder =>
{
builder
.WithOrigins("http://localhost:3000", "http://localhost:4200")
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials();
});
});
string domain = $"https://dev-***2b.us.auth0.com/";
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.Authority = domain;
options.Audience = "https://localhost:44349/";
});
services.AddAuthorization(options =>
{
options.AddPolicy("read:messages", policy => policy.Requirements.Add(new HasScopeRequirement("read:messages", domain)));
});
// register the scope authorization handler
services.AddSingleton<IAuthorizationHandler, HasScopeHandler>();
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseSwagger();
app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "AuthWebApplication1 v1"));
}
app.UseRouting();
app.UseCors("AllowSpecificOrigin");
app.UseStaticFiles();
app.UseAuthorization();
app.UseAuthentication();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}
}
}
Here what my Controller look like
namespace AuthWebApplication1.Controllers
{
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
[ApiController]
[Route("[controller]")]
public class WeatherForecastController : ControllerBase
{
private static readonly string[] Summaries = new[]
{
"Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
};
private readonly ILogger<WeatherForecastController> _logger;
public WeatherForecastController(ILogger<WeatherForecastController> logger)
{
_logger = logger;
}
[HttpGet]
public IEnumerable<WeatherForecast> Get()
{
var rng = new Random();
return Enumerable.Range(1, 5).Select(index => new WeatherForecast
{
Date = DateTime.Now.AddDays(index),
TemperatureC = rng.Next(-20, 55),
Summary = Summaries[rng.Next(Summaries.Length)]
})
.ToArray();
}
[HttpGet]
[Route("public")]
public IActionResult Public()
{
return Ok(new
{
Message = "Hello from a public endpoint! You don't need to be authenticated to see this."
});
}
[HttpGet]
[Route("private")]
[Authorize]
public IActionResult Private()
{
return Ok(new
{
Message = "Hello from a private endpoint! You need to be authenticated to see this."
});
}
[HttpGet]
[Route("private-scoped")]
[Authorize("read:messages")]
public IActionResult Scoped()
{
return Ok(new
{
Message = "Hello from a private endpoint! You need to be authenticated and have a scope of read:messages to see this."
});
}
[HttpGet("claims")]
public IActionResult Claims()
{
return Ok(User.Claims.Select(c =>
new
{
c.Type,
c.Value
}));
}
}
}
1 answers
solution1
0 2021-04-05 13:39:55
I finally got it to work properly.
Configure method: I had to remove
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
// More Code ..
//*************************
// replace this
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
//*************************
//*************************
// with this
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
//*************************
// some more code
}
public void ConfigureServices(IServiceCollection services)
{
// some code
//*************************
// add this
services.AddMvc(x => x.EnableEndpointRouting = false);
//*************************
// some more code
}
If this could help someone else...
Now I just need to understand what this change mean exactly. Any clue would be nice.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.