ASP.NET Core 2.0 JWT Validation fails with `Authorization failed for user: (null)` error
I\'m using ASP.NET Core 2.0 application (Web API) as a JWT issuer to generate a token consumable by a mobile app. Unfortunately, this token couldn\'t be validated by one con
-
try this in startup.cs
services.AddAuthentication(options => { options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }).AddJwtBearer(opts => ...讨论(0) -
You can try this instead:
.AddJwtBearer(options => { options.RequireHttpsMetadata = false; options.TokenValidationParameters = tokenValidationParameters; });'讨论(0) -
I added:
app.UseAuthentication();In
Startup.Configure()and that resolved this error for me.Reference: Auth 2.0 Migration announcement
讨论(0) -
When Authentications are added like:
services.AddAuthentication(options => { options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme; }) ....It means that every attribute [Authorize] that is put on top of a method or a controller class, will try to authenticate against the default authentication schema (in this case the JwtBearer) AND IT WILL NOT CASCADE DOWN to try to authenticate with other schemas that might be declared (like Cookie schema). In order to make the AuthorizeAttribute authenticate against the cookie schema it has to be specified like
[Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)]This will work also the other way around, i.e. if cookie schema is default then the JwtBearer schema must be declared for authorization for those methods or controllers that would need JwtBearer token authentication
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]讨论(0) -
For Dotnetcore 3.1, I placed
app.UseAuthentication()beforeapp.UseAuthorization()讨论(0)
加载中...
- 热议问题