使用 Postman 进行 ASP.NET Web API 授权 [英] ASP.NET Web API Authorization with Postman
问题描述
我创建了一个 ASP.NET Web API 并将 Authorize 属性应用到 API 控制器.现在,我想使用 Postman 对其进行测试,但出现授权错误.
控制器代码是:
[授权][HttpPost]公共 IHttpActionResult 参加([FromBody] int gigId){var 出勤率 = 新出勤率{GigId = gigId,AttendeeId = User.Identity.GetUserId()};_context.Attdenances.Add(出席);_context.SaveChanges();返回确定();}
我的请求如下所示
- 获取表单中的防伪令牌:
- 在登录页面上使用此帖子参数以数据形式发出帖子请求:
现在您的邮递员获得了身份验证 cookie,您可以使用 [authorize] 标签请求 web api
编辑
对于工具,您必须添加授权标头.
- 进入标题表单
- 添加 HTTP 标头授权"
- 点击编辑按钮等瞧;)
上一个答案已删除
I have created an ASP.NET Web API and applied Authorize attribute to the API controller. Now, I want to test it using Postman but I am getting Authorization error.
Controller code is:
[Authorize]
[HttpPost]
public IHttpActionResult Attend([FromBody] int gigId)
{
var attendance = new Attdendance
{
GigId = gigId,
AttendeeId = User.Identity.GetUserId()
};
_context.Attdendances.Add(attendance);
_context.SaveChanges();
return Ok();
}
My request looks like this http://prntscr.com/c8wz0b
I am using this advance Postman rest client http://prntscr.com/c8xafd
How do I pass authorization in Postman?
EDIT 23/08/2016 I presume you are in cookie authentication with identity
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
This is the default configuration with identity in Visual Studio. I can argue why it is not a good option for security but that's not the point.
You can go whit it in "postman" but it's tricky this is how I do it :
- Make a request over your login page :
- Get the anti forgery token in the form :
- Make a post request on login page with this post params in data form :
Now your postman get the authentication cookie and you can request web api with [authorize] tag
EDIT
For tool you have to add an authorization header.
- Go in the Headers form
- Add the HTTP header "authorization"
- Click on the edit button et voilà ;)
Previous answer deleted
这篇关于使用 Postman 进行 ASP.NET Web API 授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!