Authorization has been denied for this request even when user is authenticated












1














Suddenly, this error started happening. The web api method is this:



    // POST api/Account/Logout
[Route("Logout")]
public IHttpActionResult Logout()
{
Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
return Ok();
}


That method is inside AccountController which has [Authorize] attribute.



When I just logged in and I see a page that also has [Authorize], I press a button that allows me to log out. Tha log out button calls the Web Api using Ajax.



Let me tell you also that this worked before.... suddenly it stopped working.



I have added this code in Startup.Auth.cs:



        var config = new System.Web.Http.HttpConfiguration();
app.UseWebApi(config);


But it did not work either. I added that line just in case, because as I have old you, this worked before, without that line.



Any help on this, please?



Also please, don't suggest to remove [Authorize] attibute, as I have seen in other answeres here. Web Api's have to be called being authenticated.



EDIT: this is the call in Ajax:



self.logout = function () {
// Log out from the cookie based logon.
var token = sessionStorage.getItem(tokenKey);
var headers = {};
if (token) {
headers.Authorization = 'Bearer ' + token;
}

$.ajax({
type: 'POST',
url: '/api/Account/Logout',
headers: headers
}).done(function (data) {
// Successfully logged out. Delete the token.
self.user('');
sessionStorage.removeItem(tokenKey);

location.href = '/';
}).fail(showError);
}









share|improve this question
























  • "Tha log out button calls the Web Api using Ajax": how are the credentials/token/auth_cookies being passed to the controller?
    – Stefan
    Nov 21 '18 at 22:08












  • @Stefan I have removed cookies in browser and it started working again. /api/Account/Logout started working, but the problem is that suddenly, it stops working. I have edited the question to show you how the ajax call is made.
    – jstuardo
    Nov 21 '18 at 22:15












  • Ah, bearer; changes a big that the token has expired on your last try. Make sure you refresh it according to the identity provider.
    – Stefan
    Nov 21 '18 at 22:21


















1














Suddenly, this error started happening. The web api method is this:



    // POST api/Account/Logout
[Route("Logout")]
public IHttpActionResult Logout()
{
Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
return Ok();
}


That method is inside AccountController which has [Authorize] attribute.



When I just logged in and I see a page that also has [Authorize], I press a button that allows me to log out. Tha log out button calls the Web Api using Ajax.



Let me tell you also that this worked before.... suddenly it stopped working.



I have added this code in Startup.Auth.cs:



        var config = new System.Web.Http.HttpConfiguration();
app.UseWebApi(config);


But it did not work either. I added that line just in case, because as I have old you, this worked before, without that line.



Any help on this, please?



Also please, don't suggest to remove [Authorize] attibute, as I have seen in other answeres here. Web Api's have to be called being authenticated.



EDIT: this is the call in Ajax:



self.logout = function () {
// Log out from the cookie based logon.
var token = sessionStorage.getItem(tokenKey);
var headers = {};
if (token) {
headers.Authorization = 'Bearer ' + token;
}

$.ajax({
type: 'POST',
url: '/api/Account/Logout',
headers: headers
}).done(function (data) {
// Successfully logged out. Delete the token.
self.user('');
sessionStorage.removeItem(tokenKey);

location.href = '/';
}).fail(showError);
}









share|improve this question
























  • "Tha log out button calls the Web Api using Ajax": how are the credentials/token/auth_cookies being passed to the controller?
    – Stefan
    Nov 21 '18 at 22:08












  • @Stefan I have removed cookies in browser and it started working again. /api/Account/Logout started working, but the problem is that suddenly, it stops working. I have edited the question to show you how the ajax call is made.
    – jstuardo
    Nov 21 '18 at 22:15












  • Ah, bearer; changes a big that the token has expired on your last try. Make sure you refresh it according to the identity provider.
    – Stefan
    Nov 21 '18 at 22:21
















1












1








1







Suddenly, this error started happening. The web api method is this:



    // POST api/Account/Logout
[Route("Logout")]
public IHttpActionResult Logout()
{
Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
return Ok();
}


That method is inside AccountController which has [Authorize] attribute.



When I just logged in and I see a page that also has [Authorize], I press a button that allows me to log out. Tha log out button calls the Web Api using Ajax.



Let me tell you also that this worked before.... suddenly it stopped working.



I have added this code in Startup.Auth.cs:



        var config = new System.Web.Http.HttpConfiguration();
app.UseWebApi(config);


But it did not work either. I added that line just in case, because as I have old you, this worked before, without that line.



Any help on this, please?



Also please, don't suggest to remove [Authorize] attibute, as I have seen in other answeres here. Web Api's have to be called being authenticated.



EDIT: this is the call in Ajax:



self.logout = function () {
// Log out from the cookie based logon.
var token = sessionStorage.getItem(tokenKey);
var headers = {};
if (token) {
headers.Authorization = 'Bearer ' + token;
}

$.ajax({
type: 'POST',
url: '/api/Account/Logout',
headers: headers
}).done(function (data) {
// Successfully logged out. Delete the token.
self.user('');
sessionStorage.removeItem(tokenKey);

location.href = '/';
}).fail(showError);
}









share|improve this question















Suddenly, this error started happening. The web api method is this:



    // POST api/Account/Logout
[Route("Logout")]
public IHttpActionResult Logout()
{
Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
return Ok();
}


That method is inside AccountController which has [Authorize] attribute.



When I just logged in and I see a page that also has [Authorize], I press a button that allows me to log out. Tha log out button calls the Web Api using Ajax.



Let me tell you also that this worked before.... suddenly it stopped working.



I have added this code in Startup.Auth.cs:



        var config = new System.Web.Http.HttpConfiguration();
app.UseWebApi(config);


But it did not work either. I added that line just in case, because as I have old you, this worked before, without that line.



Any help on this, please?



Also please, don't suggest to remove [Authorize] attibute, as I have seen in other answeres here. Web Api's have to be called being authenticated.



EDIT: this is the call in Ajax:



self.logout = function () {
// Log out from the cookie based logon.
var token = sessionStorage.getItem(tokenKey);
var headers = {};
if (token) {
headers.Authorization = 'Bearer ' + token;
}

$.ajax({
type: 'POST',
url: '/api/Account/Logout',
headers: headers
}).done(function (data) {
// Successfully logged out. Delete the token.
self.user('');
sessionStorage.removeItem(tokenKey);

location.href = '/';
}).fail(showError);
}






c# asp.net-mvc asp.net-web-api






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 21 '18 at 22:14







jstuardo

















asked Nov 21 '18 at 22:05









jstuardojstuardo

97852860




97852860












  • "Tha log out button calls the Web Api using Ajax": how are the credentials/token/auth_cookies being passed to the controller?
    – Stefan
    Nov 21 '18 at 22:08












  • @Stefan I have removed cookies in browser and it started working again. /api/Account/Logout started working, but the problem is that suddenly, it stops working. I have edited the question to show you how the ajax call is made.
    – jstuardo
    Nov 21 '18 at 22:15












  • Ah, bearer; changes a big that the token has expired on your last try. Make sure you refresh it according to the identity provider.
    – Stefan
    Nov 21 '18 at 22:21




















  • "Tha log out button calls the Web Api using Ajax": how are the credentials/token/auth_cookies being passed to the controller?
    – Stefan
    Nov 21 '18 at 22:08












  • @Stefan I have removed cookies in browser and it started working again. /api/Account/Logout started working, but the problem is that suddenly, it stops working. I have edited the question to show you how the ajax call is made.
    – jstuardo
    Nov 21 '18 at 22:15












  • Ah, bearer; changes a big that the token has expired on your last try. Make sure you refresh it according to the identity provider.
    – Stefan
    Nov 21 '18 at 22:21


















"Tha log out button calls the Web Api using Ajax": how are the credentials/token/auth_cookies being passed to the controller?
– Stefan
Nov 21 '18 at 22:08






"Tha log out button calls the Web Api using Ajax": how are the credentials/token/auth_cookies being passed to the controller?
– Stefan
Nov 21 '18 at 22:08














@Stefan I have removed cookies in browser and it started working again. /api/Account/Logout started working, but the problem is that suddenly, it stops working. I have edited the question to show you how the ajax call is made.
– jstuardo
Nov 21 '18 at 22:15






@Stefan I have removed cookies in browser and it started working again. /api/Account/Logout started working, but the problem is that suddenly, it stops working. I have edited the question to show you how the ajax call is made.
– jstuardo
Nov 21 '18 at 22:15














Ah, bearer; changes a big that the token has expired on your last try. Make sure you refresh it according to the identity provider.
– Stefan
Nov 21 '18 at 22:21






Ah, bearer; changes a big that the token has expired on your last try. Make sure you refresh it according to the identity provider.
– Stefan
Nov 21 '18 at 22:21














0






active

oldest

votes











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53421108%2fauthorization-has-been-denied-for-this-request-even-when-user-is-authenticated%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes
















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53421108%2fauthorization-has-been-denied-for-this-request-even-when-user-is-authenticated%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

404 Error Contact Form 7 ajax form submitting

How to know if a Active Directory user can login interactively

Refactoring coordinates for Minecraft Pi buildings written in Python