aspnetcore: ApiAuthorization does not work after upgrading to .NET 5
Describe the bug
I am using .NET Core API Authorization since 3.1 which was working fine until I upgraded my project to .NET 5. After updating, I have been getting NullReferenceException
To Reproduce
ConfigureServices method from Startup.cs
services.AddDbContext<ApplicationDbContext>(options =>
options.UseInMemoryDatabase("Databaase"));
services.AddDefaultIdentity<ApplicationUser>()
.AddEntityFrameworkStores<ApplicationDbContext>();
services.AddIdentityServer()
.AddApiAuthorization<ApplicationUser, ApplicationDbContext>();
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.RequireHttpsMetadata = false;
options.SaveToken = true;
options.TokenValidationParameters = new TokenValidationParameters
{
ValidateIssuer = true,
ValidateIssuerSigningKey = true,
ValidIssuer = configuration["Jwt:Issuer"],
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(configuration["Jwt:SecretKey"])),
ValidAudience = configuration["Jwt:Audience"],
ValidateAudience = true,
ValidateLifetime = true,
ClockSkew = TimeSpan.Zero // Override the default clock skew of 5 mins
};
//services.AddCors();
});
Configure method from Startup.cs
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
DbContext public class ApplicationDbContext : ApiAuthorizationDbContext<ApplicationUser>
DbContext Constructor public ApplicationDbContext(DbContextOptions options, IOptions<OperationalStoreOptions> operationalStoreOptions, ICurrentUserService currentUserService, IDateTime dateTime) : base(options, operationalStoreOptions) { _currentUserService = currentUserService; _dateTime = dateTime; }
Exceptions
NullReferenceException as: Object reference not set to an instance of an object. Microsoft.Extensions.DependencyInjection.ConfigureApiResources.GetApiResources()+MoveNext() Microsoft.Extensions.DependencyInjection.ConfigureApiResources.Configure(ApiAuthorizationOptions options)
Further technical details
- ASP.NET version 5.0.0
- Visual Studio 2019 (16.8.2) on Windows 10 OS dotnet-info.txt
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Reactions: 2
- Comments: 25 (10 by maintainers)
Commits related to this issue
- Fix bug where Identity Server key was missing https://github.com/dotnet/aspnetcore/issues/28456 — committed to panosru/CleanDDDArchitecture by panosru 3 years ago
Cool, so everyone is good here now and I can close? I mentioned that to you earlier https://github.com/dotnet/aspnetcore/issues/28456#issuecomment-742685671 @muqeet-ftg but glad you have resolved it out now 😃
@HaoK it did not work earlier, so I didn’t take that into consideration. Now adding both
Keyand.AddIdentityServerJwt()worked for me. Apologies 😃 … I am really thankful to you and everyone else here who helped me resolving the issue.I am cool, you can close the issue.
As correctly pointed by @colinasquith, it works when I added
.AddIdentityServerJwt()on theservices.AddAuthenticationcall inStartup.cs.Thank you so much
@muqeet-ftg I think you’re missing .AddIdentityServerJwt() on the services.AddAuthentication call in Startup.cs
In my own project I updated and add this and it fixed the two errors on upgrading, although now the Bearer Token stuff I had working no longer works as I get a 401, but I think maybe there’s just some change in the way things are handled.
@HaoK maybe a more specific exception? (just throwing an idea)
@panosru I would suggest you first try to hardcode it in config and make sure it works locally, then move it to your desired config system.
The issue is that there is no key specified in the config file from what I can tell.
Checkout AppSettings.Development.json on a fresh project template and you’ll see there is a section defining a development key
Thanks, looks like that null ref is due to AddIdentityServerJwt not being called which is responsible for registering a service that some of the infrastructure expects. Can you also include a 3.1 repro app that works for comparison.