❔ Creating a JWT through terminal and use it in production (webapi)
I've created a JWT through the terminal with "dotnet user-jwts create" inside the webapi source directory.
It returns a token I've stored.
I have added [Authorize] to a specific endpoint and it works during debug if I use the correct token (Postman, POST), otherwise it will return a 401.
Now, if I compile the project for "Release" and then run the webapi from its directory it will launch the application just fine and listen on all the ports I'd like. However, when trying to use the endpoint using [Authorize] from Postman, it'll give me a 401. The WWW-Athenticate will say "Bearer error="invalid_token", error_description="The signature key was not found"".
Adding additional log levels in the actual webapi gives me this:
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[1]
Failed to validate the token.
Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10500: Signature validation failed. No security keys were provided to validate the signature.
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters, BaseConfiguration configuration)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateJWS(String token, TokenValidationParameters validationParameters, BaseConfiguration currentConfiguration, SecurityToken& signatureValidatedToken, ExceptionDispatchInfo& exceptionThrown)
Summary: It works when running the application in Visual Studio (both Debug and Release) but it does not work with JWT when running the executable in the Release directory outside of Visual Studio.
I do know that the JWT is stored in %appdata%\Microsoft\UserSecrets when using dotnet user-jwts create. Do I somehow need to point the Release-version to that path or what am I missing?
And yeah, this is very basic JWT stuff. We are just scraping the surface in my education so there's a lot more that the school doesn't go into details about
It returns a token I've stored.
I have added [Authorize] to a specific endpoint and it works during debug if I use the correct token (Postman, POST), otherwise it will return a 401.
Now, if I compile the project for "Release" and then run the webapi from its directory it will launch the application just fine and listen on all the ports I'd like. However, when trying to use the endpoint using [Authorize] from Postman, it'll give me a 401. The WWW-Athenticate will say "Bearer error="invalid_token", error_description="The signature key was not found"".
Adding additional log levels in the actual webapi gives me this:
info: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[1]
Failed to validate the token.
Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException: IDX10500: Signature validation failed. No security keys were provided to validate the signature.
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateSignature(String token, TokenValidationParameters validationParameters, BaseConfiguration configuration)
at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateJWS(String token, TokenValidationParameters validationParameters, BaseConfiguration currentConfiguration, SecurityToken& signatureValidatedToken, ExceptionDispatchInfo& exceptionThrown)
Summary: It works when running the application in Visual Studio (both Debug and Release) but it does not work with JWT when running the executable in the Release directory outside of Visual Studio.
I do know that the JWT is stored in %appdata%\Microsoft\UserSecrets when using dotnet user-jwts create. Do I somehow need to point the Release-version to that path or what am I missing?
And yeah, this is very basic JWT stuff. We are just scraping the surface in my education so there's a lot more that the school doesn't go into details about
