Using Identity with token and cookie authentication

Im trying to setup Token authentication with cookie authentication on same time in my application. I created a MVC project in asp.net core 2.0, with individual user accounts to auth. Setup roles to the users too. If i follow this tutorial of Shawn Wildermuth Two-AuthorizationSchemes-in-ASP-NET-Core-2 Everything works fine to get the Token of the registered user. But if i use the Role attr

使用标识和Cookie身份验证

我试图在我的应用程序中同时使用cookie身份验证设置令牌身份验证。 我在asp.net核心2.0中创建了一个MVC项目,其中个人用户帐户为auth。 也为用户设置角色。 如果我遵循Shawn Wildermuth双授权方案的ASP-NET-Core-2的教程 一切工作正常,以获得注册用户的令牌。 但是,如果我在授权[Authorize(Roles =“Admin”)]上使用角色属性即时获得403响应。 我认为这是因为令牌没有收到身份验证的角色。 如何设置此? 有什么方

Cookie Authentication not working with Authorization policy in asp.net core

Upgrading Scott Wildermuth's World Trip app to ASP.NET Core 2.0. The code below is not working. Since I am using two authentication types and I will like both to work on the api controllers, I decided to use Authorization policy. public void ConfigureServices(IServiceCollection services) { //Some codes here services.AddAuthentication() .AddCookie() .AddJwtBearer(**Impl

Cookie身份验证不适用于asp.net核心中的授权策略

将Scott Wildermuth的World Trip应用升级到ASP.NET Core 2.0。 下面的代码不起作用。 由于我使用两种身份验证类型,我希望两者都能在api控制器上工作,所以我决定使用授权策略。 public void ConfigureServices(IServiceCollection services) { //Some codes here services.AddAuthentication() .AddCookie() .AddJwtBearer(**Implementation is fine**); services.AddAuthorization(options =>

ASP.NET Core Web API Facebook JWT Authentication

I am trying to implement Facebook based authentication in asp.net core Web Api. I searched a lot and read most of the blog related to the authentication in asp.net core using JWT but I did not found any of that article which is using facebook to authenticate and generate JWT. Some of the article were using ASP.NET Core MVC to login using facebook.I tried adding that in web API but After submitt

ASP.NET核心Web API Facebook JWT认证

我正在尝试在asp.net核心Web API中实现基于Facebook的身份验证。 我搜索了很多,并阅读了大部分有关使用JWT在asp.net核心中进行身份验证的博客,但是我没有发现任何使用Facebook进行身份验证并生成JWT的文章。 一些文章使用ASP.NET Core MVC登录使用Facebook。我试图在web API中添加,但提交用户名和密码Facebook后,而不是重定向到ExternalLoginCallback它会给出错误404。 [HttpPost] [AllowAnonymous] public IAct

Web API Authentication in ASP.NET 5

I've been studying ASP.NET 5 for some time now and there is something I'm yet confused. To implement authentication in Web API 2 what I used to do was basically use the OWIN OAuth Authentication Server Middleware. It was simple to use, I could configure just what I needed and there wasn't a bunch of stuff I needed to put on the app without need for it. Now, at first I didn't f

ASP.NET 5中的Web API身份验证

我一直在研究ASP.NET 5一段时间,还有一些我还是感到困惑。 要在Web API 2中实现身份验证,我以前所做的基本上是使用OWIN OAuth身份验证服务器中间件。 使用起来非常简单,我可以根据自己的需要进行配置,而且我不需要在应用程序中添加任何东西,而无需使用它。 现在,起初我没有在ASP.NET 5中找到它,我认为等待中间件出现是时间问题。 但昨天,在阅读关于安全回购的问题后,我发现显然并不打算将此中间件移植到新版本的框

WebApi: Token

Is there any way to user both Token based authentication and Windows authentication in a web api application? We have a "standard" web-api-application using token based (bearer) authentication. The OAuth-Configuration looks like this: OAuthOptions = new OAuthAuthorizationServerOptions { TokenEndpointPath = new PathString("/Token"), Provider = new ApplicationOAuthProvider(

WebApi:令牌

有没有什么办法在Web api应用程序中使用基于令牌的身份验证和Windows身份验证? 我们有一个使用基于令牌(承载)认证的“标准”web-api应用程序。 OAuth配置如下所示: OAuthOptions = new OAuthAuthorizationServerOptions { TokenEndpointPath = new PathString("/Token"), Provider = new ApplicationOAuthProvider(PublicClientId), AccessTokenExpireTimeSpan = TimeSpan.FromDays(1), }; app.UseOAuthBea

SignalR authentication with webAPI Bearer Token

+i used this solution to implement Token Based Authentication using ASP.NET Web API 2, Owin, and Identity...which worked out excellently well. i used this other solution and this to implement signalR hubs authorization and authentication by passing the bearer token through a connection string, but seems like either the bearer token is not going, or something else is wrong somewhere, which is why

带有webAPI承载令牌的SignalR认证

+我使用这个解决方案来实现基于令牌的身份验证,使用ASP.NET Web API 2,Owin和Identity ...,这个解决方案非常出色。 我使用这个其他解决方案,并通过传递持票人令牌通过连接字符串来实现signalR集线器授权和身份验证,但似乎无论是持票人令牌不会或其他地方是错误的,这就是为什么在这里寻求帮助。 ..这些是我的代码... QueryStringBearerAuthorizeAttribute:这是负责验证的类 using ImpAuth.Entities; using Microsoft.AspN

JWT Bearer not protecting routes

I followed the tutorial to configure JWT with Identity on Net Core 2.0 : https://medium.com/@lugrugzo/asp-net-core-2-0-webapi-jwt-authentication-with-identity-mysql-3698eeba6ff8 Author clearly states that there is need to add [Authorize] to protect endpoints, but I want to protect all endpoint unless explicitly specified [AllowAnonymous]. I read other tutorials about JWT Bearer and they look e

JWT持票人不保护路线

我按照教程在Net Core 2.0上配置了身份验证的JWT:https://medium.com/@lugrugzo/asp-net-core-2-0-webapi-jwt-authentication-with-identity-mysql-3698eeba6ff8 作者明确指出,需要添加[Authorize]来保护端点,但我想保护所有端点,除非明确指定[AllowAnonymous]。 我阅读了关于JWT Bearer的其他教程,他们看起来完全一样,但作者说它应该默认请求授权... 这是我的Startup.cs // This method gets called by the runtime

ASP.NET Core Authorize attribute not working with JWT

I want to implement JWT-based security in ASP.Net Core. All I want it to do, for now, is to read bearer tokens in the Authorization header, and validate them against my criteria. I don't need (and don't want) to include ASP.Net Identity. In fact, I'm trying to avoid using as many of the things that MVC adds in as possible, unless I really need them. I've created a minimal pro

ASP.NET Core Authorize属性不能与JWT一起使用

我想在ASP.Net Core中实现基于JWT的安全性。 现在我想要做的就是在Authorization标题中读取不记名令牌,并根据我的标准验证它们。 我不需要(也不想)包含ASP.Net Identity。 实际上,我尽量避免使用尽可能多的MVC添加的内容,除非我真的需要它们。 我创建了一个最小化的项目,它演示了这个问题。 要查看原始代码,只需查看编辑历史记录即可。 我希望此示例拒绝所有/ api /图标的请求,除非它们为Authorization HTTP标头

What kind of bearer authentication token is this?

So I implemented some bearer token authentication using this guide. It uses OWIN-based OAuth library provided by Microsoft to generate the tokens. I can't figure out what token this generates. I am asking because I am trying to migrate this to ASP.NET Core but all the articles out there are about JWT token (Yes, I do know that the JWT token can be used as bearer token with OAuth2) and this

这是什么样的承载身份验证令牌?

所以我使用本指南实施了一些不记名令牌认证。 它使用Microsoft提供的基于OWIN的OAuth库来生成令牌。 我无法弄清楚这会产生什么标记。 我在问,因为我试图将这个迁移到ASP.NET Core,但所有的文章都是关于JWT令牌(是的,我知道JWT令牌可以用作OAuth2的不记名令牌),这显然不是JWT令牌。 响应如下所示: { "access_token": "NXNps5iEafO6v2QMGOpXCGXBNVQw1DQTr9nV9JgG1XIRxEG9_3eliy4MQ3a050GKDQEBuQ_Y1vW-vEkPKx5MWlwEv

Request Authentication in ASP.Net Web Api 2: OWIN or IAuthenticationFilter

I am on the lookout to choose an appropriate Authentication strategy for my ASP.Net Web Api 2. My clients login to Auth0 and get a Bearer token and pass it to my Api. Base on my researches there are several Authentication mechanism that I can choose to validate the request token in the Api however two of them seem better options Using OWIN middleware(ie JWT) Using a custom filter attribute d

ASP.Net Web Api 2中的请求身份验证:OWIN或IAuthenticationFilter

我正在寻找为我的ASP.Net Web Api 2选择适当的身份验证策略。我的客户端登录到Auth0并获取一个持有者令牌并将其传递给我的Api。 根据我的研究,我可以选择几种验证机制来验证Api中的请求令牌,但其中两种似乎更好 使用OWIN中间件(即JWT) 使用从IAuthenticationFilter派生的自定义过滤器属性 我想知道OWIN与IAuthenticationFilter相比有什么优势吗? 优缺点都有什么?