The authorization is not working in ASP.net core web API-CodePudding

I'm trying to implement authorization in asp.ne core webapi web application using jwt tokens. but when I send a request with bearer authorization and the jwt token generated, the response is always 401 unauthorized

I'm using .Net 5.0 version

what I'm doing wrong ?

here is my startup.cs file public Startup(IConfiguration configuration) { Configuration = configuration; }

    public IConfiguration Configuration { get; }
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<JwtSettings>(Configuration.GetSection("Jwt"));
        var jwtSettings = Configuration.GetSection("Jwt").Get<JwtSettings>();
        services.AddControllers();

        var dataAssemblyName = typeof(CRMContext).Assembly.GetName().Name;
        services.AddDbContext<CRMContext>(options => options.UseSqlServer(Configuration.GetConnectionString("Default"), x => x.MigrationsAssembly(dataAssemblyName)));

        services.AddIdentity<User, Role>(options =>
        {
            options.Password.RequiredLength = 8;
            options.Password.RequireNonAlphanumeric = false;
            options.Password.RequireUppercase = true;
            options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(1d);
            options.Lockout.MaxFailedAccessAttempts = 5;
        })
            .AddEntityFrameworkStores<CRMContext>()
            .AddDefaultTokenProviders();
 services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer(options =>
        {
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidateAudience = true,
                ValidateLifetime = true,
                ValidateIssuerSigningKey = true,
                ValidIssuer = Configuration["JwtAuthentication:JwtIssuer"],
                ValidAudience = Configuration["JwtAuthentication:JwtIssuer"],
                IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Configuration["JwtAuthentication:JwtKey"])),
            };

        });

        services.AddScoped<IUnitOfWork, UnitOfWork>();
        services.AddTransient<IAccountService, AccountService>();
        services.AddTransient<IApplicationUserService, ApplicationUserService>();
        services.AddMvc().AddControllersAsServices();
        services.AddCors(o => o.AddPolicy("MyPolicy", builder =>
        {
            builder.AllowAnyOrigin()
                   .AllowAnyMethod()
                   .AllowAnyHeader();
        }));

        services.AddSwaggerGen(options =>
        {
            options.SwaggerDoc("v1", new OpenApiInfo { Title = "Cloud 9", Version = "v1" });
            options.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
            {
                Description = "JWT containing userid claim",
                Name = "Authorization",
                In = ParameterLocation.Header,
                Type = SecuritySchemeType.ApiKey,
            });

            var security =
                new OpenApiSecurityRequirement
                {
                    {
                        new OpenApiSecurityScheme
                        {
                            Reference = new OpenApiReference
                            {
                                Id = "Bearer",
                                Type = ReferenceType.SecurityScheme
                            },
                            UnresolvedReference = true
                        },
                        new List<string>()
                    }
                };
            options.AddSecurityRequirement(security);
        });
        services.AddAutoMapper(typeof(Startup));
        services.AddControllersWithViews()
                .AddNewtonsoftJson(options =>
                options.SerializerSettings.ReferenceLoopHandling = Newtonsoft.Json.ReferenceLoopHandling.Ignore
         );

        var mappingConfig = new MapperConfiguration(mc =>
        {
            mc.AddProfile(new MappingProfile());
        });
        IMapper mapper = mappingConfig.CreateMapper();
        services.AddSingleton(mapper);

        services.AddAuth(jwtSettings);

    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {

        MyServiceProvider.ServiceProvider = app.ApplicationServices;
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        app.UseHttpsRedirection();
        app.UseRouting();
        //  app.UseSwagger();
        //    app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "Ids.Crm.Api v1"));

        app.UseAuthorization();
        app.UseAuth();
        app.UseCors("MyPolicy");

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers();
        });
        app.UseSwagger()
            .UseSwaggerUI(c =>
            {
                c.SwaggerEndpoint("/swagger/v1/swagger.json", "test v1");
                c.ConfigObject.AdditionalItems.Add("syntaxHighlight", false); 
                c.ConfigObject.AdditionalItems.Add("theme", "agate"); 
            });
    }

CodePudding user response：

Your request pipeline is missing the authentication middleware. So you couldn't possibly authenticate or possibly authorize. Simply add the middleware before the authorization middleware in the Configure method

app.UseAuthentication();
app.UseAuthorization();

Update: It seems app.UseAuth(); is your authentication middleware. If it is, then place it above the Authorization middleware.

app.UseAuth();
app.UseAuthorization();

CodePudding user response：

I found the solution.... I was declaring a key in the generation of the token which is different from the one I've declared in the appsetting.json

so when the TokenValidationParameters takes the wrong key it was preventing authorization