Trying to use bearer token based authentication in a simple .NET Core Web API project. Here is my Startup.cs:
app.UseMvc();
//---
const string secret
In ASP.NET Core, the order of the middleware matters: they are executed in the same order as they are registered. Here, app.UseMvc() is called before the JWT bearer middleware, so this can't work.
Put app.UseMvc() at the end of your pipeline and it should work:
    app.UseJwtBearerAuthentication(new JwtBearerOptions
    {
        AutomaticAuthenticate = true,
        AutomaticChallenge = true,
        TokenValidationParameters = tokenValidationParameters,
        AuthenticationScheme = JwtBearerDefaults.AuthenticationScheme,
    });
    app.UseMvc();
For .NET Core 3.0 you would need:
In ConfigureServices(IServiceCollection services):
    services.AddAuthentication()
        .AddJwtBearer(options =>
        {
            options.Authority = issuer;
            options.Audience = audience;
            options.TokenValidationParameters = tokenValidationParameters;
        });
In Configure(IApplicationBuilder app, IWebHostEnvironment env):
// Add it after app.UseRouting() and before app.UseEndpoints()!
// Order of middlewares is important!
app.UseAuthentication();
app.UseAuthorization();
PS: To omit authentication scheme indication in the [Authorize] attribute you could set the default authentication scheme in ConfigureServices(IServiceCollection services) in the AuthenticationOptions options:
    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    });