This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello I am having some issues with an API call from my mobile app.
The API is developed with ASP.NET MVC 5.
All my API calls work, with a 200 status code.
But there is one DELETE call that always returns 401, of course using the same access_token. If I reuse the same token for a different GET/POST/PUT call everything succeeds.
FYI, this is the response that keeps failing, and I don't understand why:
Object {
"config": Object {
"adapter": [Function xhrAdapter],
"baseURL": "https://my.url.com/api/v2",
"data": undefined,
"headers": Object {
"Accept": "applications/json",
"Authorization": "Bearer QsX8raQRx7pKJZHrNkeCEl2yUbsq3mwla1_6DwReJpFSfVWn18fzM6cdI9XgCFOxO-wseMHM1pLSsuNGi3_PNXpWvulv0oTaWnKOt6zUuj_mjetiApfNfUX4FSnRrVcHGycJLt8bf4hJX6P1HMVi4DsZsm9ASwbXXQosqAWKIgE_wMpNtGQ8PXpmZL977HBlM9IzpcRw4SBMslbxh00AY-zz75KTbPSbZM198YzDFT5tJyDYuN1bZBWGYk8ivRYx3OgLLrFMNp4HSRkbzzdmQa1cd7dmLRtUv6bnU8c1NX6rxpdtuoMGvKsTp5ZuWisA",
},
"maxBodyLength": -1,
"maxContentLength": -1,
"method": "delete",
"params": Object {},
"timeout": 0,
"transformRequest": Array [
[Function transformRequest],
],
"transformResponse": Array [
[Function transformResponse],
],
"transitional": Object {
"clarifyTimeoutError": false,
"forcedJSONParsing": true,
"silentJSONParsing": true,
},
"url": "Products/4670?target=mobile",
"validateStatus": [Function validateStatus],
"xsrfCookieName": "XSRF-TOKEN",
"xsrfHeaderName": "X-XSRF-TOKEN",
},
"data": Object {
"message": "Authorization has been denied for this request.",
},
"duration": 69,
"headers": Object {
"cache-control": "no-cache",
"content-length": "68",
"content-type": "application/json; charset=utf-8",
"date": "Tue, 01 Mar 2022 23:25:32 GMT",
"expires": "-1",
"pragma": "no-cache",
"server": "Microsoft-IIS/10.0",
"www-authenticate": "Bearer",
"x-aspnet-version": "4.0.30319",
"x-powered-by": "ASP.NET",
},
"ok": false,
"originalError": [Error: Request failed with status code 401],
"problem": "CLIENT_ERROR",
"status": 401,
}
NOTE: when I use Postman to log in to the /token endpoint, the access_token that I get back is about double in characters length, not sure if it depends by the device I am using to log in (Postman vs mobile app).
Can anyone see what's wrong?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 51%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYS%3C/text%3E%3C/svg%3E)
Hi @Stesvis ,
I think you could try to use [AllowAnonymous] attribute on your controller for delete action.
Best regards,
Yijing Sun
You have not told us anything about how the delete works. Perhaps the user/claim/role does not have authorization to delete the resource. Check the code.
You are right, it has to do with some claims not being added to the identity.