1

I started doing angular2 + asp.net core application, started implementing Auth0. I created client application and a user.

Here is client application setup, provided url for Api:

enter image description here

User login works fine:

enter image description here

Now I have an api with this controller:

    [Route("api")]
public class PingController : Controller
{
    [Authorize]
    [HttpGet]
    [Route("ping/secure")]
    public string PingSecured()
    {
        return "All good. You only get this message if you are authenticated.";
    }
}

And in startup.cs I tried implementing like this:

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        loggerFactory.AddConsole(Configuration.GetSection("Logging"));
        loggerFactory.AddDebug();

        var options = new JwtBearerOptions
        {
            Audience = "uUdThU122xYPugR8gLoNTr3HdJ6sWvQV",
            Authority = "https://dntquitpls.eu.auth0.com/",

        };

        if (env.IsDevelopment())
        {
            app.UseBrowserLink();
            app.UseDeveloperExceptionPage();
        };

        app.UseJwtBearerAuthentication(options);

        app.UseCors(builder =>
                    builder.WithOrigins("http://localhost:61290/").AllowAnyOrigin()
                           .AllowAnyHeader()
                           .AllowAnyMethod()
                    );

        app.UseDefaultFiles();

        app.UseStaticFiles();

        app.UseMvc(routes =>
        {
            routes.MapWebApiRoute("defaultApi",
                                  "api/{controller}/{id?}");
        });
    }

And it does not work getting this:

enter image description here

Api part is done by Auth0 Api tutorial, for example if I create a Api and there is a test Bearer token it works with that in api, also i configure Startup.cs file by that Api, but unfortunately with my Bearer token from response does not work.

Please any ideas why it does not work and I am not getting authorized?

Improve this question

1 Answer 1

Reset to default
4

Found a solution, now it works, the problem was in Startup.cs file in options HS256 Encoding, which is used for UseJwtBearerAuthentication, solution:

var keyAsBytes = Encoding.ASCII.GetBytes("CLIENT_SECRET");

    var options = new JwtBearerOptions
    {
        TokenValidationParameters =
        {
            ValidIssuer = "https://dntquitpls.eu.auth0.com/",
            ValidAudience = "uUdThU122xYPugR8gLoNTr3HdJ6sWvQV",
            IssuerSigningKey = new SymmetricSecurityKey(keyAsBytes)
        }
    };
    app.UseJwtBearerAuthentication(options);

source:

http://www.jerriepelser.com/blog/using-roles-with-the-jwt-middleware/

if you want to work with RS256 encoding use this:

        var certificationData = Configuration["auth0:certificate"];
        var certificate = new X509Certificate2(Convert.FromBase64String(certificationData));

        var options = new JwtBearerOptions()
        {
            Audience = Configuration["auth0:clientId"],
            Authority = Configuration["auth0:authority"],
            AutomaticChallenge = true,
            AutomaticAuthenticate = true,

            TokenValidationParameters = {
                ValidIssuer = Configuration["auth0:authority"],
                ValidAudience = Configuration["auth0:clientId"],
                IssuerSigningKey = new X509SecurityKey(certificate)
            }
        };

        app.UseJwtBearerAuthentication(options);
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.