I want to add authorization to my project based on this tutorial. I've got the part of retrieving an access token working. But when using the token to access a protected resource API I get a 401 unauthorized error.

The request has an authorization header with scheme Bearer and containing the access token. Like in the tutorial, the API is protected with the [Authorize] attribute. During startup I set up Bearer Authentication with

UseOAuthBearerAuthentication(new Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationOptions())

It is not clear to me why the request is unauthorized. What can I check to find the cause of this problem?

xerves
  • Are your authorization server and your resource server the same or are they different servers? – jumuro Jul 25 '16 at 15:04
  • @jumuro the servers are not the same, however they are using the same machinekey – xerves Jul 25 '16 at 15:11
  • There are only two possible ways of getting a 401 error. 1: You are using an invalid token. 2: Your access token has expired. Refresh your access token if it is expired. – Suraj Jul 26 '16 at 14:31
  • @Suraj The token is not expired. It is used immediately after retrieving it. Refreshing the token still gives me a 401. – xerves Jul 27 '16 at 07:03
  • How are you passing the token in the header? It should be in the form below: Authorization: – Suraj Jul 27 '16 at 07:19
  • @Suraj The token is passed in the header as you mentioned. – xerves Jul 27 '16 at 10:37
  • Are you doing it with your code? First try it using any REST client (e.g. Postman, DHC or curl). If it works, then something is wrong in your code. And make sure the API you are accessing is not out of scope. – Suraj Jul 27 '16 at 12:05
  • @Suraj with code, but I found the cause for the problem, see my answer. Thank you for your help. – xerves Jul 28 '16 at 06:35
  • You're welcome! Nice that you have resolved it. – Suraj Jul 28 '16 at 11:06

1 Answer

After trying and checking many things, I noticed the authorization server and the resource server were using a different version of Owin and Owin.Security. After updating the older one, it worked. The tokens must have changed between the 2 versions.

xerves
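
The version mismatch described in the answer can be caught before deployment by comparing the OWIN packages the two servers reference. The following is an added example, not code from the original post: it assumes both projects list their NuGet dependencies in packages.config, and the sample file contents, versions and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample packages.config contents (not taken from the post).
AUTH_SERVER_PACKAGES = """<packages>
  <package id="Microsoft.Owin" version="3.0.1" targetFramework="net45" />
  <package id="Microsoft.Owin.Security" version="3.0.1" targetFramework="net45" />
  <package id="Microsoft.Owin.Security.OAuth" version="3.0.1" targetFramework="net45" />
  <package id="Newtonsoft.Json" version="6.0.4" targetFramework="net45" />
  <package id="Owin" version="1.0" targetFramework="net45" />
</packages>"""

RESOURCE_SERVER_PACKAGES = """<packages>
  <package id="Microsoft.Owin" version="2.1.0" targetFramework="net45" />
  <package id="Microsoft.Owin.Security" version="2.1.0" targetFramework="net45" />
  <package id="Microsoft.Owin.Security.OAuth" version="2.1.0" targetFramework="net45" />
  <package id="Newtonsoft.Json" version="9.0.1" targetFramework="net45" />
  <package id="Owin" version="1.0" targetFramework="net45" />
</packages>"""


def owin_packages(packages_config_xml):
    """Return {package id: version} for the Owin and Microsoft.Owin* packages."""
    found = {}
    for pkg in ET.fromstring(packages_config_xml).iter("package"):
        pkg_id = pkg.get("id", "")
        # NuGet package ids are case-insensitive, so compare in lower case.
        lowered = pkg_id.lower()
        if lowered == "owin" or lowered.startswith("microsoft.owin"):
            found[pkg_id] = pkg.get("version")
    return found


def version_mismatches(auth_xml, resource_xml):
    """Return sorted (id, auth version, resource version) tuples that differ.

    A package referenced by only one server is reported with None for the other.
    """
    auth = owin_packages(auth_xml)
    resource = owin_packages(resource_xml)
    return [
        (pkg_id, auth.get(pkg_id), resource.get(pkg_id))
        for pkg_id in sorted(set(auth) | set(resource))
        if auth.get(pkg_id) != resource.get(pkg_id)
    ]


if __name__ == "__main__":
    for pkg_id, auth_v, res_v in version_mismatches(AUTH_SERVER_PACKAGES, RESOURCE_SERVER_PACKAGES):
        print(f"{pkg_id}: authorization server {auth_v}, resource server {res_v}")
```
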