I have an ASP.NET Web API project (running on .NET 4.8, not .NET Core). I have set up 'Bearer token' authentication by adding:

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Web API configuration and services
        config.SuppressDefaultHostAuthentication();
        config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
    }
}

And in Startup.cs:

public class Startup1
{
    public void Configuration(IAppBuilder app)
    {
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=316888

        app.UseJwtBearerAuthentication(
            new JwtBearerAuthenticationOptions
            {
                AuthenticationMode = AuthenticationMode.Active,
                TokenValidationParameters = new TokenValidationParameters()
                {
                    ValidateIssuer = true,
                    ValidIssuer = "https://www.example.com", // some string, normally a web URL
                }
            });
    }
}

And in my controller method, I add [Authorize] in my controller API.

But when I call the endpoint in my browser, I checked that it has a bearer token in the HTTP header. The body of the HTTP response is:

"Message":"Authorization has been denied for this request."

How can I debug my issue? I don't see any exception or any message in the log.

marc_s
N Johnson

1 Answer

Could you add these parameters in your code and try:

// Read the issuer and the signing secret from <appSettings> before they are used.
// TextEncodings is in Microsoft.Owin.Security.DataHandler.Encoder.
var issuer = ConfigurationManager.AppSettings["issuer"];
var secret = TextEncodings.Base64Url.Decode(ConfigurationManager.AppSettings["secret"]);

app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
{
    AuthenticationMode = AuthenticationMode.Active,
    AllowedAudiences = new[] { "Any" },
    IssuerSecurityKeyProviders = new IIssuerSecurityKeyProvider[] {
        new SymmetricKeyIssuerSecurityKeyProvider(issuer, secret)
    }
});

Add these parameters in App config file:

<appSettings>
  <add key="issuer" value="http://localhost:xxx/"/>
  <add key="secret" value="YourToken"/>
</appSettings>
SSharma
  • I created an 'Application' in the Azure portal under Azure Active Directory. My web application authenticates with that app and gets an access token. The web app then calls my C# controller with a 'bearer' token. To try your suggestion, I created a secret and used that in the example code. But I get an error `The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.` – N Johnson Feb 06 '22 at 17:58
  • How are you passing data in Secret? Are you adding any characters before the token? – SSharma Feb 07 '22 at 09:27
  • Can you check this link? This might help you to detect: https://stackoverflow.com/questions/15114044/the-input-is-not-a-valid-base-64-string-as-it-contains-a-non-base-64-character – SSharma Feb 07 '22 at 09:31
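
One way to approach the "How can I debug my issue?" question, as an added example that is not part of the original posts: a C# helper that decodes a token's header and claims without verifying them and lists where they disagree with the configured values. `JwtDiagnostics`, `Explain`, the `symmetricKey` flag and the sample token are hypothetical and constructed; the checks assume audience and lifetime validation are left at their default of enabled.

```csharp
using System;
using System.Collections;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web.Script.Serialization; // needs a reference to System.Web.Extensions
public static class JwtDiagnostics // hypothetical helper, diagnosis only
{
    // JWT segments are base64url: '-' and '_' replace '+' and '/', and '=' padding is dropped.
    static byte[] FromBase64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }
    static Dictionary<string, object> Part(string segment) =>
        new JavaScriptSerializer().Deserialize<Dictionary<string, object>>(Encoding.UTF8.GetString(FromBase64Url(segment)));

    // Reads header and claims WITHOUT verifying the signature; never use the result to authorize.
    public static List<string> Explain(string jwt, string validIssuer, string[] audiences, bool symmetricKey)
    {
        var findings = new List<string>();
        var parts = jwt.Split('.');
        if (parts.Length != 3) { findings.Add("not a three-part signed JWT"); return findings; }
        var header = Part(parts[0]);
        var claims = Part(parts[1]);
        var alg = header.TryGetValue("alg", out var a) ? a as string : null;
        if (alg == null || symmetricKey != alg.StartsWith("HS", StringComparison.Ordinal))
            findings.Add("alg=" + alg + ": configured key type does not fit (HS* = shared secret, RS*/ES* = issuer public key)");
        var iss = claims.TryGetValue("iss", out var i) ? i as string : null;
        if (iss != validIssuer) findings.Add("iss '" + iss + "' differs from ValidIssuer '" + validIssuer + "'");
        claims.TryGetValue("aud", out var audRaw); // "aud" may be one string or an array
        var aud = audRaw is string one ? new[] { one }
            : (audRaw as IEnumerable)?.Cast<object>().Select(x => x.ToString()).ToArray() ?? new string[0];
        if (!aud.Intersect(audiences).Any())
            findings.Add("aud [" + string.Join(",", aud) + "] matches no configured audience");
        if (claims.TryGetValue("exp", out var e) &&
            DateTimeOffset.FromUnixTimeSeconds(Convert.ToInt64(e)) < DateTimeOffset.UtcNow)
            findings.Add("exp is in the past: token expired");
        return findings;
    }
    public static void Main()
    {
        // Constructed sample token with a placeholder signature; not taken from the page.
        Func<string, string> enc = j => Convert.ToBase64String(Encoding.UTF8.GetBytes(j)).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        var jwt = enc("{\"alg\":\"RS256\",\"typ\":\"JWT\"}") + "."
                + enc("{\"iss\":\"https://issuer.example/\",\"aud\":\"api://sample\",\"exp\":1}") + ".sig";
        // ValidIssuer as in the question, no audience configured, symmetric key as in the answer.
        foreach (var f in Explain(jwt, "https://www.example.com", new string[0], symmetricKey: true)) Console.WriteLine(f);
    }
}
```

Run it against the token the browser actually sends, with the values from `Startup1`, to see which claim the middleware is likely rejecting.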