@siacomuzzi
Last active October 11, 2015 20:13
[FIXED] Can't use a generated ZUMO auth token with a Mobile Service .NET Backend

Repro steps

  1. For the JS backend, create a table (TodoItem) and set the READ permission to "Authenticated User only".

  2. For the .NET backend, set AuthorizationLevel.User in TodoItemController and publish the service:

// GET tables/TodoItem
[AuthorizeLevel(AuthorizationLevel.User)]
public IQueryable<TodoItem> GetAllTodoItems()
{
  return Query();
}
  3. Generate JWTs for both backends using the corresponding master keys | details

  4. Hit the table with curl or Fiddler:

JS backend returns HTTP 200:

curl https://auth0-tests.azure-mobile.net/tables/TodoItem -H "x-zumo-auth: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6MH0.eyJleHAiOjE0MTkwMTczMDkuOTUyLCJpc3MiOiJ1cm46bWljcm9zb2Z0OndpbmRvd3MtYXp1cmU6enVtbyIsInZlciI6MiwiYXVkIjoiS0NVb1B5QmdnZ1ZkS1dEeWFJVUF6anBZWVlxdlFWNjEiLCJ1aWQiOiJhdXRoMHw1NDQxNTk1OTQ4NTc2OWVmYWYyNjg1NDgifQ.OvqSBhcOldxcCDna1-Vp4-1_o4ar7h0oYyfmtaDkaxU"

.NET backend returns HTTP 401 - {"message":"Authorization has been denied for this request."}:

curl https://auth0-wams.azure-mobile.net/tables/TodoItem -H "x-zumo-auth: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6MH0.eyJleHAiOjE0MTkwMTg3ODIuODY5LCJpc3MiOiJ1cm46bWljcm9zb2Z0OndpbmRvd3MtYXp1cmU6enVtbyIsInZlciI6MiwiYXVkIjoiZmd4UWF3ZHdsQ1l1SEVkakNPVFJzRHd3cGVESGJDODgiLCJ1aWQiOiJhdXRoMHw1NDQxNTk1OTQ4NTc2OWVmYWYyNjg1NDgifQ.OADa-bDfVHBS82RGj6hv7QgWDmKTHanQvtlJY-Z1Qj0"

From Azure Portal logs:

  • Message: Authentication failed due to an invalid token.
  • Source: Microsoft.WindowsAzure.Mobile.Service.Security.ServiceAuthenticationMiddleware
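
The portal log above only reports "invalid token", so a local check that names the failing validation step helps narrow this down. The following is an added example, not part of the original gist or of the Mobile Services code: it uses the header and claim names that the tokens in the curl commands decode to (`alg` HS256, `exp`, `iss`, `ver`, `aud`, `uid`). The keys, audience and user id are constructed, and using the key directly as the HMAC secret is an assumption, since the page does not show how the service derives its signing key.

```javascript
// Added example: report which check an HS256 x-zumo-auth token fails.
const crypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64')
  .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
const fromB64url = (s) => Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64');

// Constructed helper: sign claims with HS256 so the sample runs offline.
// Assumption: the key is used as-is as the HMAC secret.
function signToken(claims, key) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT', kid: 0 }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.createHmac('sha256', key).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Returns the list of failed checks (an empty list means every check passed).
function diagnoseToken(token, key, expectedAud, nowSec) {
  const parts = token.split('.');
  if (parts.length !== 3) return ['malformed: expected 3 segments'];
  let header, claims;
  try {
    header = JSON.parse(fromB64url(parts[0]).toString('utf8'));
    claims = JSON.parse(fromB64url(parts[1]).toString('utf8'));
  } catch (e) {
    return ['malformed: header or payload is not base64url JSON'];
  }
  const reasons = [];
  // Pin the algorithm on the verifier side; never trust the token's own choice.
  if (header.alg !== 'HS256') reasons.push(`alg: ${header.alg}`);
  const expected = crypto.createHmac('sha256', key)
    .update(`${parts[0]}.${parts[1]}`).digest();
  const given = fromB64url(parts[2]);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    reasons.push('signature: does not match this key');
  }
  if (claims.iss !== 'urn:microsoft:windows-azure:zumo') reasons.push(`iss: ${claims.iss}`);
  if (claims.aud !== expectedAud) reasons.push(`aud: ${claims.aud}`);
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) reasons.push(`exp: ${claims.exp}`);
  return reasons;
}

// Constructed sample: a token signed with one key and checked against another.
const sampleClaims = { exp: 2000000000, iss: 'urn:microsoft:windows-azure:zumo',
  ver: 2, aud: 'constructed-audience', uid: 'auth0|constructed-user' };
const sampleToken = signToken(sampleClaims, 'constructed-key-A');
console.log(diagnoseToken(sampleToken, 'constructed-key-B', 'constructed-audience', 1900000000));
```
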
@ConnectedReasoning
how is this fixed?