Let's answer the following questions to practice what we have learned in this chapter:
- In the Configure method in the Startup class, what is wrong with the following:
    public void Configure(...)
    {
        ...
        app.UseEndpoints(...);
        app.UseAuthentication();
    }
- What attribute can be added to a protected action method to allow unauthenticated users to access it?
- We are building an app with an ASP.NET Core backend and using an identity provider to authenticate users. The default audience has been set to http://my-app in the identity provider, and we have configured the authentication service in our ASP.NET Core backend as follows:
    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme =
            JwtBearerDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme =
            JwtBearerDefaults.AuthenticationScheme;
    }).AddJwtBearer(options =>
    {
        ...
        options.Audience = "https://myapp";
    });
When we try to access protected resources in our ASP.NET Core backend, we receive an HTTP status code 401. What is the problem here?
- A JWT has the following decoded payload data. On what date and at what time does it expire?
    {
        "nbf": 1559876843,
        "auth_time": 1559876843,
        "exp": 1559900000,
        ...
    }
- We have a valid access token from an identity provider and are using it to access a protected resource. We have set the following HTTP header in the request:
    Authorisation: bearer some-access-token
We receive an HTTP status code 401 from the request though. What is the problem?
- How can we access HTTP request information in a class outside of an API controller?
- In an API controller, how can we access an authenticated user ID?