I added the [Authorize(Roles="CompanyRole")] annotation to my controller action, and in the Startup class I have:

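    app.Use(async (context, next) =>
    {
        if (context.Session.GetString("user") != null)
        {
            // Rebuild the user object that was stored in the session at login.
            var tk = JsonConvert.DeserializeObject<UserModel>(context.Session.GetString("user"));
            if (!String.IsNullOrEmpty(tk.Token))
            {
                // Indexer assignment replaces any Authorization header already on the
                // request; Headers.Add throws when the key is already present.
                context.Request.Headers["Authorization"] = "Bearer " + tk.Token;
            }
            await next.Invoke();
        }
        else
        {
            // No session user: send the request to the login page.
            context.Request.Path = "/Home/Login";
            await next.Invoke();
        }
    });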

If I remove the Authorize attribute, I'm able to get the user information and all the claims using

    var A = User.Identity.Name;

And one of the roles is CompanyRole, but I get an "Unauthorized" when I try to execute that controller action.

marc_s
Nathiel Paulino

1 Answer

You should consider the middleware's priority and register yours before the authorization middleware in the Startup.cs file.

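    app.Use(async (context, next) =>
    {
        if (context.Session.GetString("user") != null)
        {
            // Rebuild the user object that was stored in the session at login.
            var tk = JsonConvert.DeserializeObject<UserModel>(context.Session.GetString("user"));
            if (!String.IsNullOrEmpty(tk.Token))
            {
                // Indexer assignment replaces any Authorization header already on the
                // request; Headers.Add throws when the key is already present.
                context.Request.Headers["Authorization"] = "Bearer " + tk.Token;
            }
            await next.Invoke();
        }
        else
        {
            // No session user: send the request to the login page.
            context.Request.Path = "/Home/Login";
            await next.Invoke();
        }
    });
    app.UseAuthorization();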
Mehrdad
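The full pipeline order that the answer's advice implies, as an added example that is not code from the question or the answer. It assumes ASP.NET Core 3.x-style endpoint routing and that session, a bearer-token authentication handler and MVC are registered in ConfigureServices; the `UserModel` class here is a hypothetical stand-in for the asker's type.

```csharp
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Newtonsoft.Json;

// Hypothetical stand-in for the question's UserModel; only Token is used.
public class UserModel
{
    public string Token { get; set; }
}

public class Startup
{
    // Assumption: ConfigureServices calls AddSession, registers a bearer-token
    // authentication handler, and adds MVC controllers.
    public void Configure(IApplicationBuilder app)
    {
        // 1. Session first: the custom middleware reads context.Session.
        app.UseSession();

        // 2. Copy the session token into the request before anything inspects it.
        app.Use(async (context, next) =>
        {
            var json = context.Session.GetString("user");
            if (json != null)
            {
                var user = JsonConvert.DeserializeObject<UserModel>(json);
                if (!string.IsNullOrEmpty(user?.Token))
                {
                    // Overwrite rather than append, so a header sent by the
                    // client cannot sit alongside the session's token.
                    context.Request.Headers["Authorization"] = "Bearer " + user.Token;
                }
            }
            else
            {
                // Rewritten before UseRouting so the new path is what gets matched.
                context.Request.Path = "/Home/Login";
            }
            await next.Invoke();
        });

        app.UseRouting();
        // 3. Authentication validates the bearer token and populates
        //    HttpContext.User with its claims, including role claims.
        app.UseAuthentication();
        // 4. Authorization evaluates [Authorize(Roles = "CompanyRole")] against that User.
        app.UseAuthorization();
        app.UseEndpoints(endpoints => endpoints.MapDefaultControllerRoute());
    }
}
```

If the header-setting middleware runs after `UseAuthentication`, the handler sees no token and the role check in `UseAuthorization` is made against an anonymous user.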