1

I'm integrating Fusion Auth into my .Net Core API.

My Program.cs looks like the following:

using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;
using System.Text;


var builder = WebApplication.CreateBuilder(args);

// Add services to the container.

builder.Services.AddControllers();
// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer("FA", options =>
{
    options.SaveToken = true;
    options.TokenValidationParameters = new TokenValidationParameters
    {
        ValidateIssuer = true,
        ValidateAudience = false,
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,
        ValidIssuer = builder.Configuration.GetValue<string>("Jwt:Issuer"),
        IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(builder.Configuration.GetValue<string>("Jwt:Key")))
    };
});

builder.Services.AddAuthorization(options =>
{
    options.DefaultPolicy = new AuthorizationPolicyBuilder()
        .AddAuthenticationSchemes("FA")
        .RequireAuthenticatedUser()
        .Build();
});


builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("FA", policy =>
    {
        policy.AddAuthenticationSchemes("FA");
        policy.RequireAuthenticatedUser();
        //policy.RequireClaim("scope", "licensing");
        policy.Build();
    });
});

// Services
builder.Services.AddScoped<IAccountService, AccountService>();

builder.Services.Configure<FusionConfiguration>(options => builder.Configuration.GetSection("FusionConfiguration").Bind(options));

var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}



app.UseHttpsRedirection();
app.UseAuthentication();
app.UseAuthorization();

app.MapControllers();

app.Run();

I've decorated one of the default controllers with Auth attr:

        [HttpGet("GetWeatherForecast"), Authorize(policy: "FA")]
        public IEnumerable<WeatherForecast> GetWeatherForecast()
        {
            return Enumerable.Range(1, 5).Select(index => new WeatherForecast
            {
                Date = DateTime.Now.AddDays(index),
                TemperatureC = Random.Shared.Next(-20, 55),
                Summary = Summaries[Random.Shared.Next(Summaries.Length)]
            })
            .ToArray();
        }

When I authenticate, I get a token back, when trying to hit the endpoint ^ via postman and passing in the bearer token it always returns 401.

Can someone notice what I'm doing wrong here?

Code Ratchet
  • 5,758
  • 18
  • 77
  • 141
  • What signing scheme are you using? FusionAuth uses a symmetric signing scheme by default (HS256) but I've found in the past that you need to use an asymmetric signing scheme. RS256, for example. – mooreds Feb 27 '23 at 16:18

0 Answers0