Can't use a generated ZUMO auth token with a Mobile Service .NET Backend

Oct 31, 2014 at 8:19 PM
I'm receiving HTTP 401 - {"message":"Authorization has been denied for this request."} while trying to authenticate with a JWT with a .NET Mobile Service Backend. Here are my repro steps:

1) For JS backend, create a table (TodoItem) and set the READ permission to "Authenticated User only".

2) For .NET backend, set AuthorizationLevel.User in TodoItemController and publish the service:
// GET tables/TodoItem
[AuthorizeLevel(AuthorizationLevel.User)]
public IQueryable<TodoItem> GetAllTodoItems()
{
  return Query();
}
3) Generate JWTs for both backends using corresponding master keys | details

4) Hit the table with CURL or Fiddler:

JS backend returns HTTP 200:
curl https://auth0-tests.azure-mobile.net/tables/TodoItem -H "x-zumo-auth: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6MH0.eyJleHAiOjE0MTkwMTczMDkuOTUyLCJpc3MiOiJ1cm46bWljcm9zb2Z0OndpbmRvd3MtYXp1cmU6enVtbyIsInZlciI6MiwiYXVkIjoiS0NVb1B5QmdnZ1ZkS1dEeWFJVUF6anBZWVlxdlFWNjEiLCJ1aWQiOiJhdXRoMHw1NDQxNTk1OTQ4NTc2OWVmYWYyNjg1NDgifQ.OvqSBhcOldxcCDna1-Vp4-1_o4ar7h0oYyfmtaDkaxU"


.NET backend returns HTTP 401 - {"message":"Authorization has been denied for this request."}:
curl https://auth0-wams.azure-mobile.net/tables/TodoItem -H "x-zumo-auth: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6MH0.eyJleHAiOjE0MTkwMTg3ODIuODY5LCJpc3MiOiJ1cm46bWljcm9zb2Z0OndpbmRvd3MtYXp1cmU6enVtbyIsInZlciI6MiwiYXVkIjoiZmd4UWF3ZHdsQ1l1SEVkakNPVFJzRHd3cGVESGJDODgiLCJ1aWQiOiJhdXRoMHw1NDQxNTk1OTQ4NTc2OWVmYWYyNjg1NDgifQ.OADa-bDfVHBS82RGj6hv7QgWDmKTHanQvtlJY-Z1Qj0"


packages.config (taken from here):
<?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="Autofac" version="3.5.0" targetFramework="net45" />
  <package id="AutoMapper" version="3.2.1" targetFramework="net45" />
  <package id="EntityFramework" version="6.1.0" targetFramework="net45" />
  <package id="Microsoft.AspNet.Cors" version="5.1.2" targetFramework="net45" />
  <package id="Microsoft.AspNet.Identity.Core" version="2.0.1" targetFramework="net45" />
  <package id="Microsoft.AspNet.Identity.Owin" version="2.0.1" targetFramework="net45" />
  <package id="Microsoft.AspNet.Razor" version="3.1.2" targetFramework="net45" />
  <package id="Microsoft.AspNet.WebApi" version="5.1.1" targetFramework="net45" />
  <package id="Microsoft.AspNet.WebApi.Client" version="5.1.2" targetFramework="net45" />
  <package id="Microsoft.AspNet.WebApi.Core" version="5.1.2" targetFramework="net45" />
  <package id="Microsoft.AspNet.WebApi.Cors" version="5.1.2" targetFramework="net45" />
  <package id="Microsoft.AspNet.WebApi.OData" version="5.1.2" targetFramework="net45" />
  <package id="Microsoft.AspNet.WebApi.Owin" version="5.1.2" targetFramework="net45" />
  <package id="Microsoft.AspNet.WebApi.Tracing" version="5.1.2" targetFramework="net45" />
  <package id="Microsoft.AspNet.WebApi.WebHost" version="5.1.1" targetFramework="net45" />
  <package id="Microsoft.Data.Edm" version="5.6.0" targetFramework="net45" />
  <package id="Microsoft.Data.OData" version="5.6.0" targetFramework="net45" />
  <package id="Microsoft.Owin" version="2.1.0" targetFramework="net45" />
  <package id="Microsoft.Owin.Host.SystemWeb" version="2.1.0" targetFramework="net45" />
  <package id="Microsoft.Owin.Security" version="2.1.0" targetFramework="net45" />
  <package id="Microsoft.Owin.Security.ActiveDirectory" version="2.1.0" targetFramework="net45" />
  <package id="Microsoft.Owin.Security.Cookies" version="2.1.0" targetFramework="net45" />
  <package id="Microsoft.Owin.Security.Facebook" version="2.1.0" targetFramework="net45" />
  <package id="Microsoft.Owin.Security.Google" version="2.1.0" targetFramework="net45" />
  <package id="Microsoft.Owin.Security.Jwt" version="2.1.0" targetFramework="net45" />
  <package id="Microsoft.Owin.Security.MicrosoftAccount" version="2.1.0" targetFramework="net45" />
  <package id="Microsoft.Owin.Security.OAuth" version="2.1.0" targetFramework="net45" />
  <package id="Microsoft.Owin.Security.Twitter" version="2.1.0" targetFramework="net45" />
  <package id="Microsoft.WindowsAzure.ConfigurationManager" version="2.0.3" targetFramework="net45" />
  <package id="Newtonsoft.Json" version="6.0.4" targetFramework="net45" />
  <package id="Owin" version="1.0" targetFramework="net45" />
  <package id="RazorEngine" version="3.4.1" targetFramework="net45" />
  <package id="System.IdentityModel.Tokens.Jwt" version="3.0.2" targetFramework="net45" />
  <package id="System.Spatial" version="5.6.0" targetFramework="net45" />
  <package id="WindowsAzure.MobileServices.Backend" version="1.0.342" targetFramework="net45" />
  <package id="WindowsAzure.MobileServices.Backend.Entity" version="1.0.342" targetFramework="net45" />
  <package id="WindowsAzure.MobileServices.Backend.Tables" version="1.0.342" targetFramework="net45" />
  <package id="WindowsAzure.ServiceBus" version="2.3.4.0" targetFramework="net45" />
</packages>
From Azure Portal logs:
  • Message: Authentication failed due to an invalid token.
  • Source: Microsoft.WindowsAzure.Mobile.Service.Security.ServiceAuthenticationMiddleware
Oct 31, 2014 at 8:32 PM
Sorry, this could be related to Azure Mobile Services, so feel free to delete the thread. Thanks.
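
An added example, not part of the original thread: when a backend logs only "invalid token", decoding both tokens offline and comparing their shape narrows down what differs before any key or signature question comes up. The function names and the `POST_TIME` clock value are assumptions made for this sketch; the signature is not verified, and the output does not by itself identify the cause of the 401.

```python
import base64
import json

# Tokens copied from the two curl commands in the post (both expired in 2014).
JS_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6MH0."
    "eyJleHAiOjE0MTkwMTczMDkuOTUyLCJpc3MiOiJ1cm46bWljcm9zb2Z0OndpbmRvd3MtYXp1cmU6enVtbyIs"
    "InZlciI6MiwiYXVkIjoiS0NVb1B5QmdnZ1ZkS1dEeWFJVUF6anBZWVlxdlFWNjEiLCJ1aWQiOiJhdXRoMHw1"
    "NDQxNTk1OTQ4NTc2OWVmYWYyNjg1NDgifQ."
    "OvqSBhcOldxcCDna1-Vp4-1_o4ar7h0oYyfmtaDkaxU"
)
NET_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6MH0."
    "eyJleHAiOjE0MTkwMTg3ODIuODY5LCJpc3MiOiJ1cm46bWljcm9zb2Z0OndpbmRvd3MtYXp1cmU6enVtbyIs"
    "InZlciI6MiwiYXVkIjoiZmd4UWF3ZHdsQ1l1SEVkakNPVFJzRHd3cGVESGJDODgiLCJ1aWQiOiJhdXRoMHw1"
    "NDQxNTk1OTQ4NTc2OWVmYWYyNjg1NDgifQ."
    "OADa-bDfVHBS82RGj6hv7QgWDmKTHanQvtlJY-Z1Qj0"
)
POST_TIME = 1414786740  # constructed clock value close to the post date

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def inspect_token(token, now):
    """Return (header, claims, findings). The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a compact JWS needs exactly three segments")
    header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    findings = []
    if header.get("alg") != "HS256":
        findings.append("alg is not HS256")
    if "kid" in header and not isinstance(header["kid"], str):
        findings.append("kid is not a string")  # RFC 7515 defines kid as a string
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        findings.append("exp is missing or not numeric")
    else:
        if exp != int(exp):
            findings.append("exp is not an integer")  # a legal NumericDate
        if exp <= now:
            findings.append("expired")
    return header, claims, findings

def claim_diff(a, b):
    """Names of claims whose values differ between two claim sets."""
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))

if __name__ == "__main__":
    for name, tok in (("JS", JS_TOKEN), (".NET", NET_TOKEN)):
        print(name, inspect_token(tok, POST_TIME))
```

Both tokens decode to the same header and the same claim names, so a useful next comparison is against a token the .NET backend issues itself after a normal login.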