You're reading from ASP.NET Core 5 and React Full-stack web development using .NET 5, React 17, and TypeScript 4

Product type Paperback

Published in Jan 2021

Last Updated in Feb 2025

Publisher Packt

ISBN-13 9781800206168

Length 568 pages

Edition 2nd Edition

Languages

Tools

.NET

Concepts

Full Stack Web Development

Author (1):

Carl Rippon

Preface

1. Section 1: Getting Started

2. Chapter 1: Understanding the ASP.NET 5 React Template FREE CHAPTER

3. Chapter 2: Creating Decoupled React and ASP.NET 5 Apps

4. Section 2: Building a Frontend with React and TypeScript

5. Chapter 3: Getting Started with React and TypeScript

6. Chapter 4: Styling React Components with Emotion

7. Chapter 5: Routing with React Router

8. Chapter 6: Working with Forms

9. Chapter 7: Managing State with Redux

10. Section 3: Building an ASP.NET Backend

11. Chapter 8: Interacting with the Database with Dapper

12. Chapter 9: Creating REST API Endpoints

13. Chapter 10: Improving Performance and Scalability

14. Chapter 11: Securing the Backend

15. Chapter 12: Interacting with RESTful APIs

16. Section 4: Moving into Production

17. Chapter 13: Adding Automated Tests

18. Chapter 14: Configuring and Deploying to Azure

19. Chapter 15: Implementing CI and CD with Azure DevOps

20. Other Books You May Enjoy

Answers

The problem is that authentication comes after the endpoints are handled in the request pipeline, which means that the user will always be unauthenticated in controller action methods even if the request has a valid access token. This means that protected resources will never be able to be accessed. UseAuthentication should come before UseEndpoints in the Configure method.
An AllowAnonymous attribute can be added to a protected action method to allow unauthenticated users to access it.
The problem is that the ASP.NET Core backend validates that the audience in the JWT is https://myapp, but the identity provider has been configured to set the audience to http://my-app. This results in the request being unauthorized.
The exp field gives the expiry date, which is 1609757875 seconds after January 1, 1970, which, in turn, is January 4, 2021, 10:57:55 (GMT).
The problem is that the HTTP header name needs to be Authorization – that is, we have spelled it...