ASP.NET Core JWT authentication always throwing 401 unauthorized

Keep in mind that the UseAuthentication, UseRouting and UseAuthorization middleware must be in the correct order for the ASP framework to properly inject the identity context into the HTTP request. It should look like this (.NET Core 3.1; edit: the same code applies to .NET 5 & .NET 6):

    app.UseAuthentication();
    app.UseRouting();
    app.UseAuthorization();
    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllers();
    });

Get claims from a WebAPI Controller – JWT Token

You should be able to retrieve claims like this within your controller:

    var identity = HttpContext.User.Identity as ClaimsIdentity;
    if (identity != null)
    {
        IEnumerable<Claim> claims = identity.Claims;
        // or identity.FindFirst("ClaimName").Value;
    }

If you wanted, you could write extension methods for the IPrincipal interface and retrieve claims using the code above, then retrieve them using …


Where to store a JWT token properly and safely in a web based application?

Where to Store Your JWTs

With token-based authentication, you are given the choice of where to store the JWT. We strongly recommend that you store your tokens in local storage/session storage or a cookie.

Web Storage (local storage/session storage)

Commonly, the JWT is placed in the browser's local storage and this works well for most …
