Authorization has been denied for this request even when user is authenticated
Suddenly, this error started happening. The web api method is this:
// POST api/Account/Logout
[Route("Logout")]
public IHttpActionResult Logout()
{
Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
return Ok();
}
That method is inside AccountController which has [Authorize] attribute.
When I just logged in and I see a page that also has [Authorize], I press a button that allows me to log out. Tha log out button calls the Web Api using Ajax.
Let me tell you also that this worked before.... suddenly it stopped working.
I have added this code in Startup.Auth.cs:
var config = new System.Web.Http.HttpConfiguration();
app.UseWebApi(config);
But it did not work either. I added that line just in case, because as I have old you, this worked before, without that line.
Any help on this, please?
Also please, don't suggest to remove [Authorize] attibute, as I have seen in other answeres here. Web Api's have to be called being authenticated.
EDIT: this is the call in Ajax:
self.logout = function () {
// Log out from the cookie based logon.
var token = sessionStorage.getItem(tokenKey);
var headers = {};
if (token) {
headers.Authorization = 'Bearer ' + token;
}
$.ajax({
type: 'POST',
url: '/api/Account/Logout',
headers: headers
}).done(function (data) {
// Successfully logged out. Delete the token.
self.user('');
sessionStorage.removeItem(tokenKey);
location.href = '/';
}).fail(showError);
}
c# asp.net-mvc asp.net-web-api
asked Nov 21 '18 at 22:05
jstuardojstuardo
97852860
add a comment |
Suddenly, this error started happening. The web api method is this:
// POST api/Account/Logout
[Route("Logout")]
public IHttpActionResult Logout()
{
Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
return Ok();
}
That method is inside AccountController which has [Authorize] attribute.
When I just logged in and I see a page that also has [Authorize], I press a button that allows me to log out. Tha log out button calls the Web Api using Ajax.
Let me tell you also that this worked before.... suddenly it stopped working.
I have added this code in Startup.Auth.cs:
var config = new System.Web.Http.HttpConfiguration();
app.UseWebApi(config);
But it did not work either. I added that line just in case, because as I have old you, this worked before, without that line.
Any help on this, please?
Also please, don't suggest to remove [Authorize] attibute, as I have seen in other answeres here. Web Api's have to be called being authenticated.
EDIT: this is the call in Ajax:
self.logout = function () {
// Log out from the cookie based logon.
var token = sessionStorage.getItem(tokenKey);
var headers = {};
if (token) {
headers.Authorization = 'Bearer ' + token;
}
$.ajax({
type: 'POST',
url: '/api/Account/Logout',
headers: headers
}).done(function (data) {
// Successfully logged out. Delete the token.
self.user('');
sessionStorage.removeItem(tokenKey);
location.href = '/';
}).fail(showError);
}
c# asp.net-mvc asp.net-web-api
asked Nov 21 '18 at 22:05
jstuardojstuardo
97852860
"Tha log out button calls the Web Api using Ajax": how are the credentials/token/auth_cookies being passed to the controller?
– Stefan
Nov 21 '18 at 22:08
@Stefan I have removed cookies in browser and it started working again. /api/Account/Logout started working, but the problem is that suddenly, it stops working. I have edited the question to show you how the ajax call is made.
– jstuardo
Nov 21 '18 at 22:15
Ah, bearer; changes a big that the token has expired on your last try. Make sure you refresh it according to the identity provider.
– Stefan
Nov 21 '18 at 22:21
add a comment |
Suddenly, this error started happening. The web api method is this:
// POST api/Account/Logout
[Route("Logout")]
public IHttpActionResult Logout()
{
Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
return Ok();
}
That method is inside AccountController which has [Authorize] attribute.
When I just logged in and I see a page that also has [Authorize], I press a button that allows me to log out. Tha log out button calls the Web Api using Ajax.
Let me tell you also that this worked before.... suddenly it stopped working.
I have added this code in Startup.Auth.cs:
var config = new System.Web.Http.HttpConfiguration();
app.UseWebApi(config);
But it did not work either. I added that line just in case, because as I have old you, this worked before, without that line.
Any help on this, please?
Also please, don't suggest to remove [Authorize] attibute, as I have seen in other answeres here. Web Api's have to be called being authenticated.
EDIT: this is the call in Ajax:
self.logout = function () {
// Log out from the cookie based logon.
var token = sessionStorage.getItem(tokenKey);
var headers = {};
if (token) {
headers.Authorization = 'Bearer ' + token;
}
$.ajax({
type: 'POST',
url: '/api/Account/Logout',
headers: headers
}).done(function (data) {
// Successfully logged out. Delete the token.
self.user('');
sessionStorage.removeItem(tokenKey);
location.href = '/';
}).fail(showError);
}
c# asp.net-mvc asp.net-web-api
asked Nov 21 '18 at 22:05
jstuardojstuardo
97852860
Suddenly, this error started happening. The web api method is this:
// POST api/Account/Logout
[Route("Logout")]
public IHttpActionResult Logout()
{
Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
return Ok();
}
That method is inside AccountController which has [Authorize] attribute.
When I just logged in and I see a page that also has [Authorize], I press a button that allows me to log out. Tha log out button calls the Web Api using Ajax.
Let me tell you also that this worked before.... suddenly it stopped working.
I have added this code in Startup.Auth.cs:
var config = new System.Web.Http.HttpConfiguration();
app.UseWebApi(config);
But it did not work either. I added that line just in case, because as I have old you, this worked before, without that line.
Any help on this, please?
Also please, don't suggest to remove [Authorize] attibute, as I have seen in other answeres here. Web Api's have to be called being authenticated.
EDIT: this is the call in Ajax:
self.logout = function () {
// Log out from the cookie based logon.
var token = sessionStorage.getItem(tokenKey);
var headers = {};
if (token) {
headers.Authorization = 'Bearer ' + token;
}
$.ajax({
type: 'POST',
url: '/api/Account/Logout',
headers: headers
}).done(function (data) {
// Successfully logged out. Delete the token.
self.user('');
sessionStorage.removeItem(tokenKey);
location.href = '/';
}).fail(showError);
}
c# asp.net-mvc asp.net-web-api
c# asp.net-mvc asp.net-web-api
asked Nov 21 '18 at 22:05
jstuardojstuardo
97852860
asked Nov 21 '18 at 22:05
jstuardojstuardo
97852860
edited Nov 21 '18 at 22:14
jstuardo
asked Nov 21 '18 at 22:05
jstuardojstuardo
97852860
asked Nov 21 '18 at 22:05
jstuardojstuardo
97852860
asked Nov 21 '18 at 22:05
jstuardojstuardo
97852860
97852860
"Tha log out button calls the Web Api using Ajax": how are the credentials/token/auth_cookies being passed to the controller?
– Stefan
Nov 21 '18 at 22:08
@Stefan I have removed cookies in browser and it started working again. /api/Account/Logout started working, but the problem is that suddenly, it stops working. I have edited the question to show you how the ajax call is made.
– jstuardo
Nov 21 '18 at 22:15
Ah, bearer; changes a big that the token has expired on your last try. Make sure you refresh it according to the identity provider.
– Stefan
Nov 21 '18 at 22:21
add a comment |
"Tha log out button calls the Web Api using Ajax": how are the credentials/token/auth_cookies being passed to the controller?
– Stefan
Nov 21 '18 at 22:08
@Stefan I have removed cookies in browser and it started working again. /api/Account/Logout started working, but the problem is that suddenly, it stops working. I have edited the question to show you how the ajax call is made.
– jstuardo
Nov 21 '18 at 22:15
Ah, bearer; changes a big that the token has expired on your last try. Make sure you refresh it according to the identity provider.
– Stefan
Nov 21 '18 at 22:21
"Tha log out button calls the Web Api using Ajax": how are the credentials/token/auth_cookies being passed to the controller?
– Stefan
Nov 21 '18 at 22:08
"Tha log out button calls the Web Api using Ajax": how are the credentials/token/auth_cookies being passed to the controller?
– Stefan
Nov 21 '18 at 22:08
@Stefan I have removed cookies in browser and it started working again. /api/Account/Logout started working, but the problem is that suddenly, it stops working. I have edited the question to show you how the ajax call is made.
– jstuardo
Nov 21 '18 at 22:15
@Stefan I have removed cookies in browser and it started working again. /api/Account/Logout started working, but the problem is that suddenly, it stops working. I have edited the question to show you how the ajax call is made.
– jstuardo
Nov 21 '18 at 22:15
Ah, bearer; changes a big that the token has expired on your last try. Make sure you refresh it according to the identity provider.
– Stefan
Nov 21 '18 at 22:21
Ah, bearer; changes a big that the token has expired on your last try. Make sure you refresh it according to the identity provider.
– Stefan
Nov 21 '18 at 22:21
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53421108%2fauthorization-has-been-denied-for-this-request-even-when-user-is-authenticated%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53421108%2fauthorization-has-been-denied-for-this-request-even-when-user-is-authenticated%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
"Tha log out button calls the Web Api using Ajax": how are the credentials/token/auth_cookies being passed to the controller?
– Stefan
Nov 21 '18 at 22:08
@Stefan I have removed cookies in browser and it started working again. /api/Account/Logout started working, but the problem is that suddenly, it stops working. I have edited the question to show you how the ajax call is made.
– jstuardo
Nov 21 '18 at 22:15
Ah, bearer; changes a big that the token has expired on your last try. Make sure you refresh it according to the identity provider.
– Stefan
Nov 21 '18 at 22:21