ASP.NET Core 2.0 JWT Validation fails with `Authorization failed for user: (null)` error

The sequence of the add statements in the configure function is of importance. Make sure that

app.UseAuthentication();

comes before

app.UseMvc();

Might this have been the problem?

For Dotnetcore 3.1, I placed app.UseAuthentication() before app.UseAuthorization()

In your startup.cs ConfigureServices method if you add

services.AddAuthentication(options =>
            {
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(options => ...

Explanation: When you use [Authorize] on a controller it binds to the first authorization system by default.

options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;

With this you are setting your default to JWT Bearer authentication.

additionally you can add

options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;

this line is how to prevent getting 404 not found errors when using Identity with JWTs. If you are using identity the DefaultChallengeScheme will try to redirect you to a login page, which if non existent will result in getting a 404 not found rather than the wanted 401 unauthorized. by setting the DefaultChallengeScheme to JwtBearerDefaults.AuthenticationScheme on unauthorized it will no longer try to redirect you to a login page

If you are using Cookie Authentication with JWT authentication in the [Authorize] tag you can specify what authenticationScheme you want. for example

[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]

ASP.NET Core 2.0 JWT Validation fails with `Authorization failed for user: (null)` error

Tags:

C#

Asp.Net Core

Bearer Token

Asp.Net Core Webapi

Asp.Net Core Identity

Related

Recent Posts