mrsheepuk / ASPNETSelfCreatedTokenAuthExample

Example of how to protect an ASP.NET Core (1.0.1) Web API using simple self-created JWT bearer tokens.
http://stackoverflow.com/a/33217122/789529

No SecurityTokenValidator available for token #10

Closed Myrmex closed 8 years ago

Myrmex commented 8 years ago

Hello, I'm trying to play with this project (VS2015, ASPvNext RC), but I'm not able to access the secured API. Whenever I try a GET http://localhost:53129/api/value/1 I get the error No SecurityTokenValidator available for token:

{"success":false,"error":"No SecurityTokenValidator available for token: token=eyJhbGciOiJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2IiwidHlwIjoiSldUIn0.eyJuYmYiOjE0NTIxMDg2NTgsImV4cCI6MTQ1MjEwODc3OCwiaWF0IjoxNDUyMTA4NjU4LCJ1bmlxdWVfbmFtZSI6IlRFU1QiLCJFbnRpdHlJRCI6MSwiaXNzIjoiRXhhbXBsZUlzc3VlciIsImF1ZCI6IkV4YW1wbGVBdWRpZW5jZSJ9.LhAbTFL6_ESs6o9_Y_7s1K80EzOPhWIByTdDu-s6DkJx68pqclpWMVqpAEmGqPxKrCoG2EVoNvDYkvGhkqBMQ4J6I4KEcNt5ii1LwlxyCtPsBQ2Ez3WztTd9xMsGfIU0BtweJUhivviUI8m3Wp8pH-n94Mt5hjVNV0WQzHYYrZkzWrKlCX0o176N_M9P2sgJhxYFv1jD6gmQRGKPUNubH59R0WIlisu0pXL8_iF2FoQ-14bsvZ5wC40d3vLRxSVI-2EDQ2U6l4srsWfc0rWVAq1e5bRSn1LiX8DQ47VABpetYHSc62trx0ZLnAc6XmbeaTb2azbPY6LJAA0x2G5ulQ"}

Here is what I did:

  1. download your project, unzip and compile.
  2. run (F5) the solution.
  3. I can confirm that the server has started by accessing (using Fiddler) the unprotected API action with GET http://localhost:53129/api/values, which returns some JSON code.
  4. I request a token using the fake credentials TEST:TEST, and I correctly get it back with this post:
POST http://localhost:53129/api/token

--Header:
User-Agent: Fiddler
Host: localhost:5000
Content-type: application/json
Content-Length: 40

--Body:
{"username":"TEST", "password": "TEST" }
  5. I copy the received JWT token value and paste it into this request:
GET http://localhost:53129/api/value/1

--Header:
User-Agent: Fiddler
Host: localhost:53129
Content-Type: application/json
Authorization: Bearer token=...received token...

Yet, I always get the error quoted above. Any suggestion?

mrsheepuk commented 8 years ago

Hi @Myrmex - I think you have the authorization header wrong - it should just be Authorization: Bearer eyJhbGciOiJ... rather than Authorization: Bearer token=eyJhbGciOiJ....

Give that a try and let me know if it resolves the problem.
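
The header problem described above, as an added example that is not part of the original thread or the repository's code: a small pre-check that reports why an Authorization value such as "Bearer token=..." cannot be read as a JWT. The class name BearerHeaderCheck, its Diagnose method and the sample token are constructed for illustration.

```csharp
using System;
using System.Text;

// Added example: explains why an Authorization header value is not a readable bearer JWT.
public static class BearerHeaderCheck
{
    // Returns null when the value is "Bearer <three base64url segments>", otherwise the reason.
    public static string Diagnose(string headerValue)
    {
        const string scheme = "Bearer ";
        if (headerValue == null || !headerValue.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            return "scheme is not 'Bearer'";

        string[] parts = headerValue.Substring(scheme.Length).Trim().Split('.');
        if (parts.Length != 3)
            return "expected 3 dot-separated segments, found " + parts.Length;

        for (int i = 0; i < parts.Length; i++)
        {
            if (parts[i].Length == 0) return "segment " + i + " is empty";
            foreach (char c in parts[i])
            {
                bool ok = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                          (c >= '0' && c <= '9') || c == '-' || c == '_';
                if (!ok) return "segment " + i + " contains '" + c + "', which is not a base64url character";
            }
        }

        // The first segment must decode (base64url, padding restored) to a JSON object.
        string b64 = parts[0].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        try
        {
            string json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
            if (!json.TrimStart().StartsWith("{")) return "header segment is not a JSON object";
        }
        catch (FormatException) { return "header segment is not valid base64url"; }
        return null;
    }

    public static void Main()
    {
        // Constructed sample token with a placeholder signature, not a token from the thread.
        string jwt = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJURVNUIn0.c2lnbmF0dXJl";
        foreach (string h in new[] { "Bearer " + jwt, "Bearer token=" + jwt, "Basic " + jwt })
            Console.WriteLine((Diagnose(h) ?? "ok") + " <- " + h.Substring(0, 20) + "...");
    }
}
```

This checks only the shape of the header; signature, issuer, audience and lifetime validation remain the job of the JWT bearer middleware.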

Myrmex commented 8 years ago

Thanks, this was my fault, sorry for wasting your time: I was just pasting from Fiddler and I had not noticed the token= prefix. I think we are really in need of a simple, yet complete solution for using JWT with an ASP.NET backend, keep up the good work, hope this will be soon production-ready :)

mrsheepuk commented 8 years ago

@Myrmex No problems, closing the issue :)

Re. using this in production - I'm using the strategies shown here in a web app that will soon be in production, this repo is intended to show the strategy needed rather than to create a production-ready implementation itself (as the changes needed to make it into a production-ready implementation will depend on how you're identifying your users, whether you're creating a REST API or a web application, etc etc, all of which would be different for almost everyone using this).