ASP.NET core JWT authentication always throwing 401 unauthorized

Question

I\'m trying to implement JWT authentication on my asp.net core webAPI as simply as possible. I don\'t know what i\'m missing but it\'s always returning 401 even with the

Answer 1

There are some other issues here, that you may want to take a look at and potentially improve. The login mechanism currently contains a token that has a 7 days expiry. That means exposed tokens will still allow an attacker to access and impersonate the user for 7 days. In general it would be better to:

• Log the user in and generate a token which is only good for 1 hour
• Give the user a permanent device token to represent the device
• Validate the device and token (even when expired) and possibly generate a new token.

This gives the user the ability to "log out" of all sessions in case something is compromised. Specifically these sorts of functionality and more are available by most authentication providers such as Auth0 or authorization providers such as Authress.