I have applied a tutorial and created an ASP.NET Core web API authentication application.

Everything is fine and running perfectly, but if I pass the wrong authorization key it is not returning anything.

I tried the code below to test, but I am not getting the context delegate.

x.Events.OnChallenge = context =>
{
    // Skip the default logic.
    context.HandleResponse();

    var payload = new JObject
    {
        ["error"] = context.Error,
        ["error_description"] = context.ErrorDescription,
        ["error_uri"] = context.ErrorUri
    };

    return context.Response.WriteAsync(payload.ToString());
};

I also want to set a custom error return code for the wrong authorization, so any help would be appreciated.

Thanks in advance.

My configuration services code is:

public void ConfigureServices(IServiceCollection services)
{
    services.AddCors();
    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

    // configure strongly typed settings objects
    var appSettingsSection = Configuration.GetSection("AppSettings");
    services.Configure<AppSettings>(appSettingsSection);

    // configure jwt authentication
    var appSettings = appSettingsSection.Get<AppSettings>();
    var key = Encoding.ASCII.GetBytes(appSettings.Secret);
    services.AddAuthentication(x =>
    {
        x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
        x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
    })
    .AddJwtBearer(x =>
    {
        x.RequireHttpsMetadata = false;
        x.SaveToken = true;
        x.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(key),
            ValidateIssuer = false,
            ValidateAudience = false
        };
    });

    // configure DI for application services
    services.AddScoped<IUserService, UserService>();
}

1 Answer

It will not work, since in the startup.cs file you would have used

app.UseJwtBearerAuthentication(new JwtBearerOptions()
{
    // other stuff
});

which works with the [Authorize] data annotation on your methods, and concurrently only when a valid token is passed.

Later you can extract claims and perform validation on

HttpContext.User.Identity as ClaimsIdentity;

You can check this, if it helps: link1 and link2

2 Comments

I didn't get your point. Where do I have to make changes? I tried your code app.UseJwtBearerAuthentication(new JwtBearerOptions() {//other stuff} but it is not available. I only use the packages that are defined in the tutorial I have given in my question.
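An added example, not part of the question, answer or comment above: one way to return a JSON body and an explicit status code from the JwtBearer challenge, using the same AddAuthentication/AddJwtBearer configuration as the question. The class and method names (JwtChallengeSetup, AddJwtWithJsonChallenge) and the fallback "unauthorized" value and description text are assumptions made for illustration.

```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
using Newtonsoft.Json.Linq;

public static class JwtChallengeSetup
{
    // Hypothetical helper: 'key' is the signing key bytes the question derives from AppSettings.Secret.
    public static void AddJwtWithJsonChallenge(this IServiceCollection services, byte[] key)
    {
        services.AddAuthentication(x =>
        {
            x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
        })
        .AddJwtBearer(x =>
        {
            x.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuerSigningKey = true,
                IssuerSigningKey = new SymmetricSecurityKey(key),
                ValidateIssuer = false,
                ValidateAudience = false
            };
            // Assign a fresh events object rather than dereferencing x.Events.
            x.Events = new JwtBearerEvents
            {
                OnChallenge = context =>
                {
                    context.HandleResponse(); // suppress the default body-less response
                    context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                    context.Response.ContentType = "application/json";
                    context.Response.Headers["WWW-Authenticate"] = "Bearer";
                    var payload = new JObject
                    {
                        // Generic text only; token validation details stay out of the response.
                        ["error"] = string.IsNullOrEmpty(context.Error) ? "unauthorized" : context.Error,
                        ["error_description"] = "Missing or invalid bearer token."
                    };
                    return context.Response.WriteAsync(payload.ToString());
                }
            };
        });
    }
}
```

Because HandleResponse() skips the default logic, the status code and the WWW-Authenticate header have to be set by the handler itself, as done here.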
