带有Postman的ASP.NET Web API授权

本文介绍了带有Postman的ASP.NET Web API授权的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我创建了一个ASP.NET Web API，并将Authorize属性应用于API控制器。现在，我想使用Postman进行测试，但出现授权错误。

控制器代码为：

[授权] [HttpPost] public IHttpActionResult Attend（[[FromBody] int gigId） { var出席=新出勤率 { GigId = gigId， AttendeeId = User.Identity.GetUserId（）}; _context.Attdendances.Add（attendance）; _context.SaveChanges（）; 返回Ok（）; }

我的请求如下

获取以下形式的防伪令牌：

使用数据格式的此发布参数在登录页面上进行发布请求：

现在您的邮递员将获得身份验证cookie，然后您可以使用[authorize]标签请求网络api

编辑

对于工具，您必须添加授权标头。

• 进入标头表单
• 添加HTTP标头授权
• 单击编辑按钮，然后单击;

屏幕截图

上一个答案已删除

I have created an ASP.NET Web API and applied Authorize attribute to the API controller. Now, I want to test it using Postman but I am getting Authorization error.

Controller code is:

[Authorize] [HttpPost] public IHttpActionResult Attend([FromBody] int gigId) { var attendance = new Attdendance { GigId = gigId, AttendeeId = User.Identity.GetUserId() }; _context.Attdendances.Add(attendance); _context.SaveChanges(); return Ok(); }

My request looks like this prntscr/c8wz0b

I am using this advance Postman rest client prntscr/c8xafd

How do I pass authorization in Postman?

解决方案

EDIT 23/08/2016 I presume you are in cookie authentication with identity

// Enable the application to use a cookie to store information for the signed in user // and to use a cookie to temporarily store information about a user logging in with a third party login provider // Configure the sign in cookie app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString("/Account/Login"), Provider = new CookieAuthenticationProvider { // Enables the application to validate the security stamp when the user logs in. // This is a security feature which is used when you change a password or add an external login to your account. OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>( validateInterval: TimeSpan.FromMinutes(30), regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)) } });

This is the default configuration with identity in Visual Studio. I can argue why it is not a good option for security but that's not the point.

You can go whit it in "postman" but it's tricky this is how I do it :

Make a request over your login page :

Get the anti forgery token in the form :

Make a post request on login page with this post params in data form :

Now your postman get the authentication cookie and you can request web api with [authorize] tag

EDIT

For tool you have to add an authorization header.

• Go in the Headers form
• Add the HTTP header "authorization"
• Click on the edit button et voilà ;)

screen shot

Previous answer deleted