I have a frustrating problem with my API call (Asp.Net WebAPI and Angular). I use bearer token authorization to authorize the requests. When I make a request to the API from Postman it returns 200 Ok but when I try it from the browser (Angular) I get 401 Unauthorized.
I can get it working if I use [AllowAnonymous]
attribute on top of the controller action but I'd like to keep the [Authorize]
attribute for the security reasons.
I'm not sure what's causing this error. Here is the screenshot of the request headers from the browser. As you can see it includes the valid bearer token as well. The funny thing is that the Authorize attribute works for the other actions in my controller.
https://i.sstatic.net/K5OB1.png
Thank you in advance.
I am answering my own question because I found the reason why this issue occurs. I make a token request to the API which is published on Azure App Service and trying to use that token in my localhost API. Somehow this is causing the issue. When I make a request to the localhost API through postman, I use the token which I have received from the localhost API. So using the token from the localhost API solves this issue.