Aspnetcore: Asp.Net Core 2.0 Jwt Bearer Authentication works only for first request

Created on 17 Jul 2017  路  8Comments  路  Source: dotnet/aspnetcore

Hello,
recently i've upgraded my app to Asp.Net core 2.0 and i have strange behavior when using Jwt Bearer Authentication.

Only first request to the endpoint passes successfully, all other request get '401 Unauthorized' without any errors.
It looks like it can't get the token and build Claims for all other requests.
Interesting fact is App Insights trace shows that "Successfully validated the token", but afterwards challenge for bearer is sent again.

Maybe it's totally my bad, but i have no idea, what is wrong - in previous version everything was ok.

capture

My startup file:
Startup.txt

My CsProj:

Service.Api.txt

picture f1xxxer

Most helpful comment

Version: preview2

Move UseAuthentication() ahead of UseMvc().

Unrelated: Remove o.DefaultSignInScheme = JwtBearerDefaults.AuthenticationScheme;

picture Tratcher on 17 Jul 2017
👍4

All 8 comments

Version: preview2

Move UseAuthentication() ahead of UseMvc().

Unrelated: Remove o.DefaultSignInScheme = JwtBearerDefaults.AuthenticationScheme;

Tratcher picture Tratcher on 17 Jul 2017
👍4

Thank you very much, moving of UseAuthentication() upfront did the trick. This issue can be closed i guess.

f1xxxer picture f1xxxer on 17 Jul 2017

@f1xxxer Is your Asp.Net Core 2 project a Web Api or a Web App? If its a Web Api, could you show me your repository? I'd want to implement token base authentication in a Asp.Net Core 2 Web Api project but unfortunately what I see in tutorials are for Asp.Net Core 1.1.

lorenz31 picture lorenz31 on 10 Sep 2017

@lorenz31 yes, i have a web api project, can't show my repo though. Any way, assuming that you have updated everything to 2nd version, in StartUp.cs you need to configure your Jwt Authentication this way:

  • in ConfigureServices method

    services.AddAuthentication(o =>
    {
    o.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    o.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    }).AddJwtBearer(options =>
    {
    options.Audience = "your audience";
    options.ClaimsIssuer = "claims issuer";
    options.TokenValidationParameters = new TokenValidationParameters
    {
    ValidIssuer = "claims issuer",
    IssuerSigningKey = { your signing key }
    };
    });

  • in Configure

app.UseAuthentication();

app.UseMvc();

it is important that UseAuthentication() is before UseMvc()

https://github.com/aspnet/Announcements/issues/262 - here are some details, about Authentication changes

f1xxxer picture f1xxxer on 11 Sep 2017

@f1xxxer can you help in this issue ? https://github.com/aspnet/Identity/issues/1422

AlexOliinyk1 picture AlexOliinyk1 on 11 Sep 2017

@f1xxxer I understand. By the way, I already got it working. I just set aside using Asp.Net Identity for the built-in registration/login and just used the reference I found at code project.

lorenz31 picture lorenz31 on 11 Sep 2017

@lorenz31 please share the CodeProject link.
Thanks

CharlesOkwuagwu picture CharlesOkwuagwu on 12 Sep 2017

These sorts of issues belong in aspnet/security. Please ask questions about authentication there.

blowdart picture blowdart on 12 Sep 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

rynowak picture rynowak  路  3Comments
groogiam picture groogiam  路  3Comments
ipinak picture ipinak  路  3Comments
guardrex picture guardrex  路  3Comments
FourLeafClover picture FourLeafClover  路  3Comments