Receiving 401 Unauthorized when testing web api using Implicit Grant

I’ve followed the articles on this site to try and secure my Web Api (

I’m using PostMan to test my Api, prior to adding the Authorize attribute my api successfully returned data requested. I am able to get a token using the endpoint and I have verified this token using I’ve also entered my certificate to verify the signature and this was successful.

However, I am receiving a 401 “Authorization has been denied for this request”. I’ve enabled Verbose debugging in Visual Studio but nothing is outputting to the debug output.

I’ve spent a few hours this morning to try to solve this or at least get some debug output. Some of things I have checked and tried:

  1. have set the Allowed Callback URLs, Allowed Web Origins and Allowed Origins (CORS) to allow http://localhost.
  2. that RS256 is the algorithm used to sign the token.
  3. Verified the token is correctly formed and valid
  4. Verified the issuer has the trailing ‘/’

Any help you can give will be appreciated, if there is any further info you need please let me know thanks.

As it has been more than a few months since this topic was opened, and there has been no reply or further information provided as to the existence of the issue, we are closing this topic. Please don’t hesitate to create a new topic if this issue is still present, we would be happy to work with you to help find a resolution.