Token based auth for aspnet-core web api

2
votes

Dears,

I've followed https://stormpath.com/blog/token-authentication-asp-net-core to authenticate the user for my web apis I managed to create a successful access-token when calling api/token

My problem is the use of [Authorize], authorize filter didn't get that my user has a valid token, although HeaderAuthorization and HeaderExpries have been set.

function getValues()
{
    $.ajax({
        url: "http://localhost:48146/api/values",
        headers: { 'Authorization': 'Basic ' + accessToken, Expires: tokenExpires },
        method: "GET",
        context: document.body,
        success: function (data) {
            alert(data);
        }
    });
}

Did I passed a wrong header?

2
asp.netasp.net-mvcauthenticationasp.net-core

2 Answers

2
votes

Based on the tutorial you followed you should pass a bearer authorization header, not a basic authorization header:

headers: { 'Authorization': 'bearer' + accessToken, Expires: tokenExpires },

0
votes

I've figured out 2 problems

  1. as @user1336 said in header I had theaders: { 'Authorization': 'bearer' + accessToken, Expires: tokenExpires },
  2. I had to call ConfigureAuth(app) before app.UseMvc(); in Startup.css