
I have a problem with JWT authentication with API versioning.
In a .NET 6 Web API project secured with a JWT token, we have added versioning.
We use the api-version parameter in the header of the call.
We have added a version 2.0 of one API.

If I work with API 1.0, everything works fine.
If I ask for version 2.0, I receive 401.1 access denied.
If I add [AllowAnonymous] on the version 2.0 API, the routing works and calls the right controller, but the user is not identified.

Thanks for any suggestion

LSo

  • That is way too few details for anyone to be able to help. You would have to give some more details about the configuration of your APIs or show some code used. Do you get any information in the logs about why the token is rejected? Do the APIs require the same claims in the JWT (e.g. the `aud` claim), do they use the same keys for signature verification, etc? First of all, try to find some logs and more details about why API v2 is rejecting the token. – Michal Trojanowski Feb 17 '23 at 09:12
  • As @MichalTrojanowski mentioned, some more information would go a long way to providing help or suggestions. "401.1" is **not** an HTTP status code, which leads me to believe this is a response returned by IIS. If IIS is indeed returning this status, it could be before the rest of your application even gets to handle the request. Additional details are required to flush that out. – Chris Martinez Feb 23 '23 at 19:55
