Hello,
Currently, we are working on an app with the ABP framework. This app is a management app for webshops. For the management app we are creating a portal and an API. The API must work with a JWT (bearer token) to authenticate the client to know who the user is.
At the moment, we add the JWT library with the .NET identity service and the configuration for JWT. We can generate our JWT token without any problem (see Login code API). When we make a request to the API with the generated JWT token, we receive an HTTP status code 401 Unauthorized with an exception in the console (see Log Identity server and Log webshop server). This problem also occurs in the portal where we added the JWT token. After the change, this page returns an unauthorized exception.
When we change our ConfigureServices from:
    context.Services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
    }).AddJwtBearer(options =>
    {
        options.SaveToken = true;
        options.RequireHttpsMetadata = false;
        options.TokenValidationParameters = new TokenValidationParameters()
        {
            ValidateIssuer = false,
            ValidateAudience = false,
            ValidAudience = configuration["JWT:ValidAudience"],
            ValidIssuer = configuration["JWT:ValidIssuer"],
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(configuration["JWT:Secret"])),
        };
    });
to this:
    JwtBearerConfigurationHelper.Configure(context, "IdentityService");
The portal works like a charm but the API still gives us a 401 Unauthorized.
Log webshop app https://hastebin.com/rekikerito.sql
Log Identity server https://hastebin.com/vizimarade.sql
JWT TOKEN eyJhbGciOiJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNobWFjLXNoYTI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiYWRtaW4iLCJqdGkiOiIxMjRkM2ZlNi04ZmU0LTRhY2QtOTMwYy1lNjY1MmNkY2MzNGMiLCJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dzLzIwMDgvMDYvaWRlbnRpdHkvY2xhaW1zL3JvbGUiOiJhZG1pbiIsImV4cCI6MTY2MjYzNjcyMCwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NDQzODgiLCJhdWQiOiJodHRwczovL2xvY2FsaG9zdDo0NDM4OCJ9.T_YSOFucGE6HTZbR_9brb877fukg_t52RlxvH2QN2W0
Login code API https://hastebin.com/yafuvugisu.csharp
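
One way to find out which validation step rejects a token is to run it through JwtSecurityTokenHandler.ValidateToken outside the web pipeline, using the same TokenValidationParameters as the AddJwtBearer block above. This is an added example, not the poster's code or ABP's; it assumes the System.IdentityModel.Tokens.Jwt package, and the secrets, issuer URL, class and method names are constructed.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public static class JwtDiagnosis
{
    // Constructed stand-in for configuration["JWT:Secret"] (32+ bytes for HS256).
    const string Secret = "constructed-demo-secret-0123456789abcdef";

    static SymmetricSecurityKey Key(string s) => new SymmetricSecurityKey(Encoding.UTF8.GetBytes(s));

    // Mirrors the post: issuer and audience validation are switched off, while
    // the signature and lifetime checks stay on by default.
    static TokenValidationParameters Parameters() => new TokenValidationParameters
    {
        ValidateIssuer = false,
        ValidateAudience = false,
        IssuerSigningKey = Key(Secret),
    };

    // Issues a constructed HS256 token; the issuer/audience URL is a placeholder.
    static string Issue(string secret, DateTime expires)
    {
        var creds = new SigningCredentials(Key(secret), SecurityAlgorithms.HmacSha256);
        var jwt = new JwtSecurityToken("https://issuer.example", "https://issuer.example",
            claims: null, notBefore: expires.AddHours(-1), expires: expires, signingCredentials: creds);
        return new JwtSecurityTokenHandler().WriteToken(jwt);
    }

    // Returns "valid", or the type and message of the exception validation raised.
    public static string Diagnose(string token)
    {
        try { new JwtSecurityTokenHandler().ValidateToken(token, Parameters(), out _); return "valid"; }
        catch (Exception ex) when (ex is SecurityTokenException || ex is ArgumentException)
        {
            return ex.GetType().Name + ": " + ex.Message;
        }
    }

    public static void Main()
    {
        var now = DateTime.UtcNow;
        Console.WriteLine(Diagnose(Issue(Secret, now.AddHours(1))));   // signed with the configured secret
        Console.WriteLine(Diagnose(Issue(Secret, now.AddHours(-2))));  // lifetime already over
        Console.WriteLine(Diagnose(Issue("another-constructed-secret-0123456789", now.AddHours(1)))); // other key
    }
}
```

Passing a real token and the real secret to Diagnose gives the validation exception directly instead of a bare 401.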