我创建了一个ASP.NET Web API,并将Authorize属性应用于API控制器。现在,我想使用Postman进行测试,但出现授权错误。
控制器代码为:
[授权] [HttpPost] public IHttpActionResult Attend([[FromBody] int gigId) { var出席=新出勤率 { GigId = gigId, AttendeeId = User.Identity.GetUserId()}; _context.Attdendances.Add(attendance); _context.SaveChanges(); 返回Ok(); }我的请求如下
现在您的邮递员将获得身份验证cookie,然后您可以使用[authorize]标签请求网络api
编辑
对于工具,您必须添加授权标头。
- 进入标头表单
- 添加HTTP标头授权
- 单击编辑按钮,然后单击;
屏幕截图
上一个答案已删除
I have created an ASP.NET Web API and applied Authorize attribute to the API controller. Now, I want to test it using Postman but I am getting Authorization error.
Controller code is:
[Authorize] [HttpPost] public IHttpActionResult Attend([FromBody] int gigId) { var attendance = new Attdendance { GigId = gigId, AttendeeId = User.Identity.GetUserId() }; _context.Attdendances.Add(attendance); _context.SaveChanges(); return Ok(); }My request looks like this prntscr/c8wz0b
I am using this advance Postman rest client prntscr/c8xafd
How do I pass authorization in Postman?
解决方案EDIT 23/08/2016 I presume you are in cookie authentication with identity
// Enable the application to use a cookie to store information for the signed in user // and to use a cookie to temporarily store information about a user logging in with a third party login provider // Configure the sign in cookie app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString("/Account/Login"), Provider = new CookieAuthenticationProvider { // Enables the application to validate the security stamp when the user logs in. // This is a security feature which is used when you change a password or add an external login to your account. OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>( validateInterval: TimeSpan.FromMinutes(30), regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)) } });This is the default configuration with identity in Visual Studio. I can argue why it is not a good option for security but that's not the point.
You can go whit it in "postman" but it's tricky this is how I do it :
Now your postman get the authentication cookie and you can request web api with [authorize] tag
EDIT
For tool you have to add an authorization header.
- Go in the Headers form
- Add the HTTP header "authorization"
- Click on the edit button et voilà ;)
screen shot
Previous answer deleted
更多推荐
带有Postman的ASP.NET Web API授权
发布评论