Hi Guys,
I am trying to build a bespoke DotNet Core web API protected by ISVaaS, using OAuth introspection.
I've had problems getting the native reference token validation feature in C# to work (
click here). This uses the built-in open-source IdenityServer middleware that comes with DotNet Core. Basically, I'm always getting a 401 UNAUTHORIZED response from the DotNet web API, even though the bearer token I'm passing is valid. Below is the request I am attempting:
var client = new RestClient("https://localhost:5001/WeatherForecast");
var request = new RestRequest(Method.GET);
request.AddHeader("Authorization", "Bearer **REMOVED**");;
IRestResponse response = client.Execute(request);
Below is the response I am getting from the DotNet Core web API:
< HTTP/1.1 401 Unauthorized
< Date: Tue, 19 Oct 2021 20:35:35 GMT
< Server: Kestrel
< Content-Length: 0
The API C# is as follows:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
namespace API.Controllers
{
[ApiController]
[Route("[controller]")]
public class WeatherForecastController : ControllerBase
{
private static readonly string[] Summaries = new[]
{
"Freezing", "Bracing", "Chilly", "Cool", "Mild", "Warm", "Balmy", "Hot", "Sweltering", "Scorching"
};
private readonly ILogger<WeatherForecastController> _logger;
public WeatherForecastController(ILogger<WeatherForecastController> logger)
{
_logger = logger;
}
[HttpGet]
[Authorize]
public IEnumerable<WeatherForecast> Get()
{
var rng = new Random();
return Enumerable.Range(1, 5).Select(index => new WeatherForecast
{
Date = DateTime.Now.AddDays(index),
TemperatureC = rng.Next(-20, 55),
Summary = Summaries[rng.Next(Summaries.Length)]
})
.ToArray();
}
}
}
Given how popular DotNet Core is, I wanted to reach out to the ISV community to see if anyone had any experience using ISV with homebuilt DotNet Core APIs.
------------------------------
Timothy
------------------------------