带有Postman的ASP.NET Web API授权 [英] ASP.NET Web API Authorization with Postman

问题描述

我创建了一个ASP.NET Web API，并将Authorize属性应用于API控制器。现在，我想使用Postman进行测试，但出现授权错误。

控制器代码为：

  [授权] 
 [HttpPost] 
 public IHttpActionResult Attend（[[FromBody] int gigId）
 {
 
 var出席=新出勤率
 {
 GigId = gigId，
 AttendeeId = User.Identity.GetUserId（）
}; 
 
 _context.Attdendances.Add（attendance）; 
 _context.SaveChanges（）; 
返回Ok（）; 
} 
  

我的请求如下

获取以下形式的防伪令牌：

使用数据格式的此发布参数在登录页面上进行发布请求：

现在您的邮递员将获得身份验证cookie，然后您可以使用[authorize]标签请求网络api

编辑

对于工具，您必须添加授权标头。

• 进入标头表单


• 添加HTTP标头授权


• 单击编辑按钮，然后单击;

屏幕截图

上一个答案已删除

I have created an ASP.NET Web API and applied Authorize attribute to the API controller. Now, I want to test it using Postman but I am getting Authorization error.

Controller code is:

  [Authorize]
        [HttpPost]
        public IHttpActionResult Attend([FromBody] int gigId)
        {

            var attendance = new Attdendance
            {
                GigId =  gigId,
                AttendeeId = User.Identity.GetUserId()
            };

            _context.Attdendances.Add(attendance);
            _context.SaveChanges();
            return Ok();
        }

My request looks like this http://prntscr.com/c8wz0b

I am using this advance Postman rest client http://prntscr.com/c8xafd

How do I pass authorization in Postman?

解决方案

EDIT 23/08/2016 I presume you are in cookie authentication with identity

// Enable the application to use a cookie to store information for the signed in user
            // and to use a cookie to temporarily store information about a user logging in with a third party login provider
            // Configure the sign in cookie
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login"),
                Provider = new CookieAuthenticationProvider
                {
                    // Enables the application to validate the security stamp when the user logs in.
                    // This is a security feature which is used when you change a password or add an external login to your account.  
                    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                        validateInterval: TimeSpan.FromMinutes(30),
                        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
                }
            });    

This is the default configuration with identity in Visual Studio. I can argue why it is not a good option for security but that's not the point.

You can go whit it in "postman" but it's tricky this is how I do it :

1. Make a request over your login page :
2. Get the anti forgery token in the form :
3. Make a post request on login page with this post params in data form :

Now your postman get the authentication cookie and you can request web api with [authorize] tag

EDIT

For tool you have to add an authorization header.

• Go in the Headers form
• Add the HTTP header "authorization"
• Click on the edit button et voilà ;)

screen shot

Previous answer deleted

这篇关于带有Postman的ASP.NET Web API授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！