Base solution for your next web application
Open Closed

Jwt Token #2251


User avatar
0
paulvg created

Hi we are developing a application which will consume custom api's.

Were fiddling with acquiring a jwt token .

Sending a post (according to the development guide) to <a class="postlink" href="http://localhost:62114/jwt-token/authenticate">http://localhost:62114/jwt-token/authenticate</a> returns a 404 :shock:

So after scrolling some code we found the TokenAuthController. Which works from swagger, but when we post the same json body from a external app returns a 400 bad request.

Could you point out what the correct way is to get a jwt token?


12 Answer(s)
  • User Avatar
    0
    ianmark89 created

    You should Enable Cors since it is disabled by default.

  • User Avatar
    0
    trendline created

    Where to enable Cors? I also encountered this issue

  • User Avatar
    0
    ianmark89 created

    You can read this article for more information. <a class="postlink" href="http://www.c-sharpcorner.com/article/enable-cross-origin-resource-sharing-cors-in-asp-net-core/">http://www.c-sharpcorner.com/article/en ... -net-core/</a>

  • User Avatar
    0
    trendline created

    Thanks, I already checked the article, follow up the steps, I copied some configurations from host project startup file to mvc project startup file, it still cannot found jwt-token/authenticate, it's status is 404 Not Found in POSTMAN.

    is something go wrong?

  • User Avatar
    0
    paulvg created

    So what i've found out, is that you need to aquire a token by sending a post to api/TokenAuth/Authenticate With a json body { "UserNameOrEmailAddress": "admin", "Password": "123qwr" }

    But to make this post successfull you'll need to disable

    //options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute()); in the startup

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    @trendline, do you use AspNet Core version or AspNet MVC 5.x version ? The url changes according to that.

    For ASP.NET Core Version you can check this doc <a class="postlink" href="https://aspnetzero.com/Documents/Development-Guide-Core#token-based-authentication">https://aspnetzero.com/Documents/Develo ... entication</a>

    For ASP.NET MVC 5.x <a class="postlink" href="https://aspnetzero.com/Documents/Development-Guide-Mvc-Angularjs#token-based-authentication">https://aspnetzero.com/Documents/Develo ... entication</a>

  • User Avatar
    0
    trendline created

    I am using the aspnet core mvc edition, I found it in Host project and publish the Host project to host the API services. But the token based authenticate doesn't work well, it has below issues: if don't specified the Abp.TenantId, it could return access token if specified one not exist Abp.TenantId, it could return access token if specified the Abp.TenantId = 1, it could return login failed the user account has been locked out, please try again later if the specified Abp.TenantId is configured as separated individual Database, it return internal server error

  • User Avatar
    0
    trendline created

    I didn't find "//options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute()); ", in Host startup file? or MVC startup file?

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    We will try the scenarios you provided, but if don't specified the Abp.TenantId, it is normal that you can get access token because host users does not have Abp.TenantId.

    Probably you tried a few times to authenticate with the user of TenantId=1, that is why you get locked out error.

    options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute())
    

    This code exists in the ConfigureServices of Startup.cs in both Host and MVC projects.

    By the way, if you want to use Host project to authenticate, please refer to this document <a class="postlink" href="https://aspnetzero.com/Documents/Development-Guide-Angular#ttoken-based-authentication">https://aspnetzero.com/Documents/Develo ... entication</a>.

  • User Avatar
    0
    trendline created

    Thanks @ismcagdas I have resolved my issues after checked <a class="postlink" href="https://aspnetzero.com/Documents/Development-Guide-Angular#ttoken-based-authentication">https://aspnetzero.com/Documents/Develo ... entication</a>, it is great that use Host website to provide API services, it is so cool.

    "if the specified Abp.TenantId is configured as separated individual Database, it return internal server error" This issues mentioned before, because my separated individual Database for a tenant with an incorrect connection string , after correct the connection string it works fine now.

    options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute())
    

    I have checked the latest code from GitHub, this already removed, not existing in startup, right?

  • User Avatar
    0
    ismcagdas created
    Support Team

    I'm glad that it worked out for you :).

    This code exists in MVC project <a class="postlink" href="https://github.com/aspnetzero/aspnet-zero-core/blob/master/src/MyCompanyName.AbpZeroTemplate.Web.Mvc/Startup/Startup.cs#L35">https://github.com/aspnetzero/aspnet-ze ... tup.cs#L35</a>

    But it does not exists in Host project, you are right. <a class="postlink" href="https://github.com/aspnetzero/aspnet-zero-core/blob/master/src/MyCompanyName.AbpZeroTemplate.Web.Host/Startup/Startup.cs#L44">https://github.com/aspnetzero/aspnet-ze ... tup.cs#L44</a>

    Because host project does not need it since it is called from different domains.

  • User Avatar
    0
    trendline created

    Sure, Thanks. I have found the code in MVC project.