I have a pretty much boilerplate "ASP.NET Core Web Application (.NET Framework)" application that should become a REST API, to be hosted on Azure, for use by a website & mobile app.
I want to equip it with token authentication through the headers, and I have chosen the OpenIdConnect package.
I have copy-pasted the snippets from this page (https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server) into my template and added the app.UseOAuthValidation() call, so the code looks like this:

    public void ConfigureServices(IServiceCollection services)
    {
        // Add framework services.
        services.AddMvc();
        services.AddAuthentication();
    }

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
    {
        app.UseOAuthValidation();
        app.UseOpenIdConnectServer(options =>
        {
            //..... Copy-paste from the OpenIdConnect page
            OnValidateTokenRequest = context => { ... }
            OnHandleTokenRequest = context => { ... }
        });
        app.UseMvc();
    }

I am able to get a token (POST to /connect/token).
If I add an [Authorize] to my ValuesController's GET and set the Authorization header with the token, I keep on getting a 401 Unauthorized. The code doesn't even break into the OnValidateTokenRequest or OnHandleTokenRequest methods.
What am I missing?