Start Debugging

Tag: jwt

5 posts

2026-06-25 errors csharp dotnet

Fix: 405 Method Not Allowed instead of 401 with JWT bearer in ASP.NET Core

A protected endpoint returning 405 instead of 401 almost always means routing rejected the HTTP verb before auth ran, or a cookie scheme stole the challenge. Here is how to tell which.

2026-06-25 csharp dotnet dotnet-11

Why your ASP.NET Core JWT returns 401 even with a valid token

A valid token that still 401s almost always means the bearer handler never ran or ran under the wrong scheme. Check middleware order, the default scheme, the scheme name, and whether the header even reached the handler.

2026-06-22 csharp dotnet dotnet-11

How to validate a JWT's issuer, audience, and lifetime in ASP.NET Core 11

A complete guide to TokenValidationParameters in ASP.NET Core 11: how ValidateIssuer, ValidateAudience, and ValidateLifetime work, what the defaults actually are, why Authority auto-configures the issuer and signing keys, the 5-minute ClockSkew trap, and how to read the IDX error codes when a valid-looking token is rejected.

2026-06-21 csharp dotnet dotnet-11

How to configure CORS for a JWT-protected API in ASP.NET Core 11

A complete guide to CORS for a bearer-token API in ASP.NET Core 11: the correct UseCors ordering relative to authentication, why a bearer token in the Authorization header is not a CORS credential, why AllowAnyHeader works but a manual wildcard does not cover Authorization, and how to keep preflight from failing.

2026-04-28 aspnetcore identity authentication

How to implement refresh tokens in ASP.NET Core Identity

Two working paths in .NET 11: the built-in MapIdentityApi /refresh endpoint, and a custom JWT setup with refresh token rotation, family tracking, and reuse detection.