ASP.NET

 
Answer: Re: Web.config Encryption and Decryption
Otekpo Emmanuel (Member), 21-Aug-20 4:19
Question: ASP .NET sql database network connection string
Member 14620553 (Member), 31-Jul-20 9:19
Answer: Re: ASP .NET sql database network connection string
DerekT-P (professional), 31-Jul-20 9:41
General: Re: ASP .NET sql database network connection string
Member 14620553 (Member), 31-Jul-20 10:05
General: Re: ASP .NET sql database network connection string
F-ES Sitecore (mve), 1-Aug-20 1:20
General: Re: ASP .NET sql database network connection string
Steve Naidamast (professional), 16-Aug-20 7:44
Question: Individual Accounts in webapi project vs2017
ganesh.dks (Member), 28-Jul-20 21:44
Question: Using Authorize(Roles) in my API controller
jkirkerx (professional), 20-Jul-20 6:36
I'm having some strange behavior in 2 of my API controller functions, in which I get a status code 401.

So say I delete my authToken in Local Storage, and Login for the first time. A redirect occurs to my "overview" page, in which the "overview" page loads the overview data, called with a client request, and then loads the "performance bar" data that is on every page. These 2 client calls always result in a status 401, unauthorized with a fresh sign in. But if I refresh the page, the 2 client calls work just fine. If I login say an hour later, the automatic login based on token expire data works fine.

What I tried:
I removed the Authorize flags from the 2 API controller functions and it works just fine in all scenarios.
All the other API controllers with the Authorize flag work just fine as well.

So I'm scratching my head on this. I'm thinking it has something to do with roles, in which I added them about 2 months ago. I was careful in how I programmed the roles into the AuthToken, having 3 roles to enhance security.

I was also thinking that perhaps the localStorage of the token is lazy, and that the token is not present when the client call is made. But I did research on the internet and all says no, not the case.

I wonder if I can modify the client header to do a retry.

Startup to declare roles
services.AddAuthorization(auth =>
{
    auth.AddPolicy("Bearer", new AuthorizationPolicyBuilder()
        .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme)
        .RequireAuthenticatedUser().Build());

    auth.AddPolicy("RequireAdminOnly", policy =>
        policy.RequireRole("Administrator"));

    auth.AddPolicy("RequireAccountOnly", policy =>
        policy.RequireRole("Customer"));

    auth.AddPolicy("RequireEitherOnly", policy =>
        policy.RequireRole("Administrator, Customer"));
});

Token Generation from my .Net Core Auth Service
var claims = new List<Claim>
{
   new Claim("userID", wsUser.Id),
   new Claim("userName", wsUser.AccountName),
   new Claim("role", wsUser.Role ?? "Administrator"),
   new Claim(ClaimTypes.Name, wsUser.FirstName),
   new Claim(ClaimTypes.Email, wsUser.EmailAddress)
};

API Controller Function
[HttpGet("GetOverview"), Authorize(Policy = "RequireAdminOnly")]
public async Task<GetOverview> GetOverview()
{
  return await _overviewRepository.GetOverview();            
}

Client Header that is being sent
const httpOptions = {
  headers: new HttpHeaders({
    "Content-Type": "application/json",
    "Accept": "application/json",
    "Authorization": "Bearer " + getAuthToken
  })
};
If it ain't broke don't fix it
Discover my world at jkirkerx.com
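
Added example, not code from the post: the symptom described above (401 right after sign-in, success after a refresh) is what a client produces if its Authorization header is built once at script load, before the token reaches Local Storage. The storage stub, `callApi`, `buildOptions` and the token value are constructed for illustration, and `getAuthToken` is assumed to be a function that reads Local Storage.

```javascript
// Constructed stand-ins so this runs offline under Node (no browser needed).
const store = new Map();
const fakeStorage = {
  getItem: (key) => (store.has(key) ? store.get(key) : null),
  setItem: (key, value) => store.set(key, String(value)),
};
const VALID_TOKEN = "constructed-token-value"; // placeholder, not a real JWT

// Hypothetical protected endpoint: 200 only for the expected bearer token.
function callApi(headers) {
  return headers.Authorization === "Bearer " + VALID_TOKEN ? 200 : 401;
}

// Assumed helper: reads the token from storage at the moment it is called.
const getAuthToken = () => fakeStorage.getItem("authToken");

// Pattern A: options built once when the script is evaluated. Storage is
// still empty here, so the header is frozen as "Bearer null".
const staticOptions = {
  headers: {
    "Content-Type": "application/json",
    Accept: "application/json",
    Authorization: "Bearer " + getAuthToken(),
  },
};

// Pattern B: options rebuilt per request, so the current token is used.
function buildOptions() {
  const Authorization = "Bearer " + getAuthToken();
  return { headers: { ...staticOptions.headers, Authorization } };
}

// Fresh sign-in: the token is stored after the script has already loaded.
function freshSignIn() {
  fakeStorage.setItem("authToken", VALID_TOKEN);
  return {
    staticHeader: staticOptions.headers.Authorization,
    staticStatus: callApi(staticOptions.headers), // stale header
    perRequestStatus: callApi(buildOptions().headers), // current header
  };
}

// A page refresh re-evaluates the script, so pattern A picks up the token.
function afterRefresh() {
  return callApi({ Authorization: "Bearer " + getAuthToken() });
}
```

In an Angular client, an `HttpInterceptor` is the usual place to attach the header per request.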

Answer: Re: Using Authorize(Roles) in my API controller
jkirkerx (professional), 21-Jul-20 6:01
Answer: Well after another failed day to figure it out ...
jkirkerx (professional), 21-Jul-20 12:53
Answer: Think I figured it out
jkirkerx (professional), 22-Jul-20 12:51
Answer: Head scratcher here
jkirkerx (professional), 23-Jul-20 10:33
Answer: Did the rewrite on both the server and client side, works great now
jkirkerx (professional), 27-Jul-20 7:48
Question: Upgrading from .Net Core 2.2 to 3.1, SSL and Docker .net core images
jkirkerx (professional), 17-Jul-20 7:20
Answer: Re: Upgrading from .Net Core 2.2 to 3.1, SSL and Docker .net core images
jkirkerx (professional), 17-Jul-20 11:31
General: Re: Upgrading from .Net Core 2.2 to 3.1, SSL and Docker .net core images
jkirkerx (professional), 17-Jul-20 11:46
General: Re: Upgrading from .Net Core 2.2 to 3.1, SSL and Docker .net core images
jkirkerx (professional), 17-Jul-20 12:36
Question: Generating unique user ID
Otekpo Emmanuel (Member), 7-Jul-20 7:29
Answer: Re: Generating unique user ID
Richard Deeming (mve), 7-Jul-20 7:47
General: Re: Generating unique user ID
Otekpo Emmanuel (Member), 8-Jul-20 3:06
General: Re: Generating unique user ID
Richard Deeming (mve), 8-Jul-20 3:42
General: Re: Generating unique user ID
Mycroft Holmes (professional), 8-Jul-20 12:46
Answer: Re: Generating unique user ID
David Mujica (Member), 10-Jul-20 2:47
General: Re: Generating unique user ID
jkirkerx (professional), 13-Jul-20 11:25
General: Re: Generating unique user ID
DerekT-P (professional), 17-Jul-20 10:44