使用 Postman 进行 ASP.NET Web API 授权 [英] ASP.NET Web API Authorization with Postman

问题描述

我创建了一个 ASP.NET Web API 并将 Authorize 属性应用到 API 控制器.现在，我想使用 Postman 对其进行测试，但出现授权错误.

控制器代码是:

[授权][HttpPost]公共 IHttpActionResult 参加([FromBody] int gigId){var 出勤率 = 新出勤率{GigId = gigId，AttendeeId = User.Identity.GetUserId()};_context.Attdenances.Add(出席);_context.SaveChanges();返回确定()；}

我的请求如下所示

1. 获取表单中的防伪令牌:

1. 在登录页面上使用此帖子参数以数据形式发出帖子请求:

现在您的邮递员获得了身份验证 cookie，您可以使用 [authorize] 标签请求 web api

编辑

对于工具，您必须添加授权标头.

• 进入标题表单
• 添加 HTTP 标头授权"
• 点击编辑按钮等瞧;)

屏幕截图

上一个答案已删除

I have created an ASP.NET Web API and applied Authorize attribute to the API controller. Now, I want to test it using Postman but I am getting Authorization error.

Controller code is:

[Authorize]
[HttpPost]
public IHttpActionResult Attend([FromBody] int gigId)
{
    var attendance = new Attdendance
    {
        GigId =  gigId,
        AttendeeId = User.Identity.GetUserId()
    };

    _context.Attdendances.Add(attendance);
    _context.SaveChanges();
    return Ok();
}

My request looks like this http://prntscr.com/c8wz0b

I am using this advance Postman rest client http://prntscr.com/c8xafd

How do I pass authorization in Postman?

解决方案

EDIT 23/08/2016 I presume you are in cookie authentication with identity

// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    Provider = new CookieAuthenticationProvider
    {
        // Enables the application to validate the security stamp when the user logs in.
        // This is a security feature which is used when you change a password or add an external login to your account.  
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
            validateInterval: TimeSpan.FromMinutes(30),
            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
    }
});

This is the default configuration with identity in Visual Studio. I can argue why it is not a good option for security but that's not the point.

You can go whit it in "postman" but it's tricky this is how I do it :

1. Make a request over your login page :

2. Get the anti forgery token in the form :

3. Make a post request on login page with this post params in data form :

Now your postman get the authentication cookie and you can request web api with [authorize] tag

EDIT

For tool you have to add an authorization header.

• Go in the Headers form
• Add the HTTP header "authorization"
• Click on the edit button et voilà ;)

screen shot

Previous answer deleted

这篇关于使用 Postman 进行 ASP.NET Web API 授权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！