We just upgraded our web API project from .NET Core 2.2 to .NET Core 3.0. After fixing all the breaking changes, I could finally test my API, but found authentication is broken. The valid token from Auth0 no longer passes authentication. I always get a 401 Unauthorized error.
Hi there @sally.xu and welcome to the Auth0 Community!
Are you seeing any more details related to the 401 in console or your Auth0 logs? Can you share a HAR file capture of the broken workflow and pass it through a direct message to me please? Be sure to select “Preserve log” to catch redirects and scrub the file of user passwords before passing, thanks!
I’m sure the problem is not with the Auth0 token, but rather with the way .NET 3.0 decodes the token. I’m using Postman to test my API. No browser is involved.
Here are the steps to reproduce this problem:
1. Download the sample code from the Auth0 quick start for my project (which is based on .NET Core 2.0).
2. Test the project as is to make sure it works fine, using Postman to test the private API route with a valid Auth0 token: http://localhost:3010/api/private. Working as expected.
3. Migrate the project to .NET Core 3.0 (I followed the migration steps given by Microsoft: Migrate from ASP.NET Core 2.2 to 3.0 | Microsoft Learn). After the migration, re-test the API call. The public route works fine. Getting a 401 error on the private call. The token is no longer decoded correctly.
Basically we need a new quick start project which works for .NET 3.0. It seems Microsoft is pushing to move to 3.0. End of support for v2.2 will be the end of Dec.
I read that blog a few times; it didn’t help with the issue. I’m guessing there is just one configuration setting we need to set in Startup.cs when calling service.AddJwtBearer(), but I’m not sure which setting.
Great news @sally.xu, @andrea.chiarelli just released his latest building and securing Web APIs with ASP.NET Core 3.0 which touches on the JwtBearer. Take a look and let me know if this helps!
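
The thread does not say what caused the 401. The following is an added example, not part of the thread or of the Auth0 quickstart: a 3.0-style Startup.cs that registers JwtBearer, logs the reason a token is rejected, and places the authentication and authorization middleware between UseRouting and UseEndpoints as the Microsoft 2.2 to 3.0 migration guide requires. The Authority and Audience values are placeholders.

```csharp
// Added example. Authority and Audience are placeholders, not values from the thread.
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.Authority = "https://YOUR_TENANT.auth0.com/"; // placeholder
                options.Audience = "YOUR_API_IDENTIFIER";             // placeholder
                options.Events = new JwtBearerEvents
                {
                    // Token was present but failed validation
                    // (expired, wrong audience or issuer, bad signature, ...).
                    OnAuthenticationFailed = ctx =>
                    {
                        Console.Error.WriteLine(
                            $"JWT rejected: {ctx.Exception.GetType().Name}: {ctx.Exception.Message}");
                        return Task.CompletedTask;
                    },
                    // Fires just before the 401 response is written;
                    // AuthenticateFailure carries the validation exception, if any.
                    OnChallenge = ctx =>
                    {
                        Console.Error.WriteLine(
                            $"401 challenge: {ctx.AuthenticateFailure?.Message ?? "no authentication failure recorded"}");
                        return Task.CompletedTask;
                    }
                };
            });
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();   // must come after UseRouting
        app.UseAuthorization();    // must come before UseEndpoints
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}
```

If OnChallenge fires with no recorded failure, the token was not rejected by validation, which points at the pipeline (middleware order or a missing Authorization header) rather than at the token itself.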