[FIXED] Can't use a generated ZUMO auth token with a Mobile Service .NET Backend

repro_steps.md

Repro steps

1. For JS backend, create a table (TodoItem) and set the READ permission to "Authenticated User only".

2. For .NET backend, set AuthorizationLevel.User in TodoItemController and publish the service:

// GET tables/TodoItem
[AuthorizeLevel(AuthorizationLevel.User)]
public IQueryable<TodoItem> GetAllTodoItems()
{
  return Query();
}

3. Generate JWTs for both backends using corresponding master keys | details

4. Hit the table with CURL or Fiddler:

JS backend returns HTTP 200:

curl https://auth0-tests.azure-mobile.net/tables/TodoItem -H "x-zumo-auth: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6MH0.eyJleHAiOjE0MTkwMTczMDkuOTUyLCJpc3MiOiJ1cm46bWljcm9zb2Z0OndpbmRvd3MtYXp1cmU6enVtbyIsInZlciI6MiwiYXVkIjoiS0NVb1B5QmdnZ1ZkS1dEeWFJVUF6anBZWVlxdlFWNjEiLCJ1aWQiOiJhdXRoMHw1NDQxNTk1OTQ4NTc2OWVmYWYyNjg1NDgifQ.OvqSBhcOldxcCDna1-Vp4-1_o4ar7h0oYyfmtaDkaxU"

.NET backend returns HTTP 401 - {"message":"Authorization has been denied for this request."}:

curl https://auth0-wams.azure-mobile.net/tables/TodoItem -H "x-zumo-auth: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6MH0.eyJleHAiOjE0MTkwMTg3ODIuODY5LCJpc3MiOiJ1cm46bWljcm9zb2Z0OndpbmRvd3MtYXp1cmU6enVtbyIsInZlciI6MiwiYXVkIjoiZmd4UWF3ZHdsQ1l1SEVkakNPVFJzRHd3cGVESGJDODgiLCJ1aWQiOiJhdXRoMHw1NDQxNTk1OTQ4NTc2OWVmYWYyNjg1NDgifQ.OADa-bDfVHBS82RGj6hv7QgWDmKTHanQvtlJY-Z1Qj0"

From Azure Portal logs:

• Message: Authentication failed due to an invalid token.
• Source: Microsoft.WindowsAzure.Mobile.Service.Security.ServiceAuthenticationMiddleware

how is this fixed?