.nettokenowinwebapi

Web API with OWIN Auth is returning "Authorization has been denied for this request." on every action with [Authorize]


I have Web API with taken based authorization. I am successfully able to register a user and get access_token from the API. But, when I post to any other endpoint with the access_token on the header for the same user, I am getting

"Message": "Authorization has been denied for this request."

If I remove the [Authorize] decoration on the action method, only the client is validated in the ValidateClientAuthentication and request gets processed fine. I am trying to post these requests from Postman, sending body parameters as x-www-form-urencoded.

enter image description here

The API is built using oAuth and MS identity. Client gets authenticated successfully in ValidateClientAuthentication.


Solution

  • Just add Bearer before your token on the access_token parameter It should look like this :

    Authorization: Bearer sdifusdifnPOIJDFPIUdfhpiuhdfg164