asp.net-authentication

问题 I follow the tutorial link below. https://fullstackmark.com/post/13/jwt-authentication-with-aspnet-core-2-web-api-angular-5-net-core-identity-and-facebook-login I am trying to understand how it works and I want to use role-based authentication using this token. so I made another policy in the Startup.cs file as below. And I tried to use it like [Authorize(Policy = "admin")] or [Authorize(Policy = "ApiUser")] in the controller but every time I try I get unauthenticated using postman . What am

问题 I follow the tutorial link below. https://fullstackmark.com/post/13/jwt-authentication-with-aspnet-core-2-web-api-angular-5-net-core-identity-and-facebook-login I am trying to understand how it works and I want to use role-based authentication using this token. so I made another policy in the Startup.cs file as below. And I tried to use it like [Authorize(Policy = "admin")] or [Authorize(Policy = "ApiUser")] in the controller but every time I try I get unauthenticated using postman . What am

问题 I have copied a previous project and renamed it. Once I had successfully renamed all the name spaces and it build correctly. I got the following error when I ran the application: The following errors occurred while attempting to load the app. - The OwinStartup attribute discovered in assembly 'User Manager Interface' referencing startup type 'User_Manager_Interface.Startup' conflicts with the attribute in assembly 'Service Monitor Web Interface' referencing startup type 'Service_Monitor_Web

问题 I have configured 'SessionAuthenticationModule' based on the instructions from http://www.wiktorzychla.com/2014/11/forms-authentication-revisited-for-net.html. My application is in .Net 3.5 so I changed the library mappings based on "Namespace Mapping between WIF 3.5 and WIF 4.5". When I run it, it is throwing the exception shown below. " Object reference not set to an instance of an object. Description: An unhandled exception occurred during the execution of the current web request. Please

问题 I understand that I can use claims to make statements about a user: var claims = new List<Claim>(); claims.Add(new Claim(ClaimTypes.Name, "Peter")); claims.Add(new Claim(ClaimTypes.Email, "peter@domain.com")); But how should I store "role-based" claims? For example: The user is a super administrator. claims.Add(new Claim("IsSuperAdmin, "true")); The value parameter "true" feels completely redundant. How else can this statement be expressed using claims? 回答1: This is already done for you by

问题 I'm building my site, and I want to restrict a part of my site (The admin parts) from normal public display. I am using LINQ for database access. I have a Service class to handle calls to the database through LINQ I have the whole site running, except for the Login part. So far I have only been able to find examples using MembershipProvider and/or RoleProviders etc. And to be honest, it does seem like too much work for what I want. All this has to do is to let you in if you type the correct

问题 I'm trying to add LinkedIn authentication to my ASP.NET Core 2.0 app but getting the following error: No authentication handler is configured to handle the scheme: LinkedIn Here's how I add LinkedIn/OAuth authentication in the ConfigureServices in Startup.cs : services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme) .AddCookie("internal_cookie", options => { options.AccessDeniedPath = "/Account/Forbidden/"; options.LoginPath = "/Account/Login"; }) .AddCookie("external

问题 Our app requires sign-in by either mobile number or Google. We are planning to Twitter Digits for mobile number authentication. The flow of registration and authentication as I understand is as below: Mobile app does rich authentication with Twitter Digits or Google Sign In (it’s better user experience for the user to do rich auth instead of opening a web browser tab). Twitter Digits / Google Sign In returns Identity Token. Mobile app calls AuthServer to SignIn and presents Identity Token.

问题 I see there are 5 different Generate Token methods on ApplicationUserManager such as: manager. GenerateChangePhoneNumberToken () manager. GenerateEmailConfirmationToken () manager. GeneratePasswordResetToken () manager. GenerateTwoFactorToken () manager. GenerateUserToken () What is the point of GenerateUserToken when the other 4 exist? When would you only use GenerateUserToken and not any of the others? Can the UserToken from GenerateUserToken be used instead of the other 4 for all possible

问题 I am trying to retrieve the current user in my web application that uses ASP.NET Forms authentication. However, System.Security.Principal.WindowsIdentity.GetCurrent().Name returns domain\windowsUser, NOT the username that was used in the FormsAuthentication.RedirectFromLoginPage method. I am using Forms authentication in my config file: <authentication mode="Forms"> <forms loginUrl="Views/Login.aspx" name=".ASPXFORMSAUTH" timeout="1" cookieless="UseUri"> </forms> </authentication>