✅ Why a valid JWT token not able to be accepted in an Authorized Action in ASP.NET Core 7
Hi friends I have the following controller:
[ApiController]
[Route("api/[controller]")]
public class StudentController : ControllerBase
{
readonly AppDbContext _dbContext;
readonly UserManager<IdentityUser> _userManager;
readonly SignInManager<IdentityUser> _signInManager;
public StudentController(AppDbContext context, UserManager<IdentityUser> userManager, SignInManager<IdentityUser> signInManager)
{
_dbContext = context;
_userManager = userManager;
_signInManager = signInManager;
}
[HttpPost]
public async Task<IActionResult> Login([FromBody] LoginModel model)
{
var result = await _signInManager.PasswordSignInAsync(model.UserName, model.Password, false, false);
if (!result.Succeeded)
{
return BadRequest();
}
var user = await _userManager.FindByNameAsync(model.UserName);
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.Sub, user.UserName),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
};
var token = new JwtSecurityToken(
issuer: "https://localhost:7183",
audience: "https://localhost:7183",
claims: claims,
expires: DateTime.UtcNow.AddMinutes(30),
signingCredentials: new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes("superSecretKey@345")), SecurityAlgorithms.HmacSha256)
);
return Ok(new
{
token = new JwtSecurityTokenHandler().WriteToken(token),
expiration = DateTime.Now.AddMinutes(30),
userName = user.UserName
});
}
[Authorize]
[HttpGet("students")]
public IActionResult GetStudents()
{
var students = _dbContext.Students.ToList();
return Ok(students);
}
}[ApiController]
[Route("api/[controller]")]
public class StudentController : ControllerBase
{
readonly AppDbContext _dbContext;
readonly UserManager<IdentityUser> _userManager;
readonly SignInManager<IdentityUser> _signInManager;
public StudentController(AppDbContext context, UserManager<IdentityUser> userManager, SignInManager<IdentityUser> signInManager)
{
_dbContext = context;
_userManager = userManager;
_signInManager = signInManager;
}
[HttpPost]
public async Task<IActionResult> Login([FromBody] LoginModel model)
{
var result = await _signInManager.PasswordSignInAsync(model.UserName, model.Password, false, false);
if (!result.Succeeded)
{
return BadRequest();
}
var user = await _userManager.FindByNameAsync(model.UserName);
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.Sub, user.UserName),
new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
};
var token = new JwtSecurityToken(
issuer: "https://localhost:7183",
audience: "https://localhost:7183",
claims: claims,
expires: DateTime.UtcNow.AddMinutes(30),
signingCredentials: new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes("superSecretKey@345")), SecurityAlgorithms.HmacSha256)
);
return Ok(new
{
token = new JwtSecurityTokenHandler().WriteToken(token),
expiration = DateTime.Now.AddMinutes(30),
userName = user.UserName
});
}
[Authorize]
[HttpGet("students")]
public IActionResult GetStudents()
{
var students = _dbContext.Students.ToList();
return Ok(students);
}
}