ASP.NET Core 2 - Angular & JWT Authentication


ASP.NET Core 2 - Angular & JWT Authentication



Problem: I seem unable to fetch the User or any user-related data (e.g. UserID) in any controller after the token has been recorded to browser local storage.


User


UserID



I've set a breakpoint and studied HttpContext member of ControllerBase instance (the client app makes request + the auth_token is kept in local storage at this stage).


HttpContext


ControllerBase


auth_token



You only can extract the referrer url from Headers but there's no info about tokens.


Headers


tokens



Even if you create a cookie for the token - the Request doesn't have it (0 cookies found at all).


Request



Perhaps I misunderstand the concept of how authorization works.



Here's the bit I misunderstand most - how does ASP.NET Core fetch the token from the request made by client app - it must be kept in headers?


ASP.NET Core


token



Also, could anyone share a working example of JWT Authentication where Angular & ASP.NET Core are separate solutions?


Angular


ASP.NET Core






I've implemented login functionality and I store the access token in browser local storage.


this._authService.authenticate(this.loginModel)
.finally(finallyCallback)
.subscribe((result: AuthenticateOutput) => {
localStorage.setItem('auth_token', result.token);
});



Must the name of the token be in accordance with any conventions? (I wonder if auth_token is appropriate in this case.)


auth_token



SessionController - the method which fetches current user info:


SessionController


public async Task<GetCurrentLoginDetailsOutput> GetCurrentLoginDetails()
{
var output = new GetCurrentLoginDetailsOutput();
var user = await UserManager.GetUserAsync(HttpContext.User);
if (user != null)
{
output.User = Mapper.Map<UserDto>(user);
output.Tenant = Mapper.Map<TenantDto>(user.Tenant);
}
return output;
}



In my Authenticate method of AuthContoller I create Claim which holds UserID:


Authenticate


AuthContoller


var user = await _userService.Authenticate(input.UserName, input.Password);

var tokenDescriptor = new SecurityTokenDescriptor
{
Issuer = _config.GetValidIssuer(),
Audience = _config.GetValidAudience(),
SigningCredentials = new SigningCredentials(_config.GetSymmetricSecurityKey(), SecurityAlgorithms.HmacSha256),
Subject = new ClaimsIdentity(new
{
new Claim("id", user.Id.ToString())
})
};



_userService.Authenticate method fetches the user and checks if the password is correct as follows:


_userService.Authenticate


var user = _context.Users.SingleOrDefault(x => x.UserName == username);

if (user == null) { return null; }

bool correctPassword = await UserManager.CheckPasswordAsync(user, password);



JWT config in Startup.cs


Startup.cs


services
.AddAuthentication()
.AddJwtBearer(x =>
{
x.RequireHttpsMetadata = false;
x.SaveToken = true;
x.TokenValidationParameters = new TokenValidationParameters()
{
IssuerSigningKey = Configuration.GetSymmetricSecurityKey(),
ValidAudience = Configuration.GetValidAudience(),
ValidIssuer = Configuration.GetValidIssuer()
};
});



CORS is configured as follows:


CORS


.AllowAnyOrigin()
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials()






Additional info:



The Angular app is a separate solution / project - not the "one solution" template available in VS2017.


VS2017



I'm using ASP.NET Core v2.1


ASP.NET Core v2.1



I'm using NSwag.AspNetCore package to auto-generate services for Angular project.



Here's the tutorial which I've been using to code my app.





Typically the JWT would be sent to the backend either in a cookie, or in a header, yes. In the example you've linked to, they send it in the "Authorization" header
– user184994
Jun 30 at 18:16






Why does your method have [AllowAnonymous] if you need user data at that point?
– Alex Riabov
Jun 30 at 18:18





good point @AlexRiabov, will investigate this bit, thank you!
– Alex Herman
Jun 30 at 18:19









By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

-

Popular posts from this blog

List of Kim Possible characters

Image
From left to right: Wade (on monitor screen), Dr. James Timothy Possible, Mrs. Dr. Ann Possible, Ron, Rufus, Kim Possible, Shego, Dr. Drakken, Monkey Fist, Señor Senior Sr., Adrena Lynn, and Señor Senior Jr. This is a list of characters appearing in the animated series Kim Possible . Team Possible Kim Possible Main article: Kim Possible (character) Voiced by: Christy Carlson Romano and Dakota Fanning (Preschool Kim; Kim Possible: A Sitch In Time ) Kimberly Ann “Kim” Possible is a crime fighter and high school cheerleading captain who saves the world on a regular basis while dealing with the normal challenges of being a teenager, such as winning cheer competitions, turning in her homework on time, and maintaining a love life. Her name is a play on the word “impossible.” Kim has known Ron Stoppable, her sidekick for most missions, since preschool. She has also completed missions with Wade, Monique, her brothers, and even her mother. In season four, Kim and Ron end up developing romanti
Read more

Audio Livestreaming with Python & Flask

Audio Livestreaming with Python & Flask I'm currently strugling with my implementation of a simple live streaming web application using Python and Flask. It seems that I'm not able to stream my live recorded audio from the servers microphone input to the webpage. server.py from flask import Flask, render_template, Response import cv2 import framework import pyaudio import audio_processing as audioRec FORMAT = pyaudio.paInt16 CHANNELS = 1 RATE = 44100 CHUNK = 1024 audio = pyaudio.PyAudio() app = Flask(__name__) @app.route('/') def index(): """Video streaming home page.""" return render_template('index.html') # Stream routing @app.route('/video_feed') def video_feed(): """Video streaming route. Put this in the src attribute of an img tag.""" return Response(generateVideo(), mimetype='multipart/x-mixed-replace; boundary=frame') @app.route("/audio
Read more

NSwag: Generate C# Client from multiple Versions of an API

Image
NSwag: Generate C# Client from multiple Versions of an API We are versioning our API and generating the Swagger specification using Swashbuckle in ASP.NET Core 1.1. We can generate two API docs based on those JSON specification files: <!-- language: c# --> services.AddSwaggerGen(setupAction => { setupAction.SwaggerDoc("0.1", new Info { Title = "Api", Version = "0.1", Description = "API v0.1" }); setupAction.SwaggerDoc("0.2", new Info { Title = "Api", Version = "0.2", Description = "API v0.2" }); // more configuration omitted } We are including all actions in both spec files, unless it is mapped to a specific version using the [MapToApiVersion] and ApiExplorerSettings(GroupName ="<version>")] attributes. Methods belonging to an older version only are also decorated with the [Obsolete] attribute: [MapToApiVersion] ApiExplorerSettings(GroupName ="<version>&quo
Read more