asp.net-authorization

How to have custom validation of a JWT bearer token early in the pipeline

巧了我就是萌 提交于 2019-12-11 16:12:46
问题 I have in incoming bearer token that has an incorrect audience. There is enough information in the token via other claims that prove what the audience should be. I was hoping to fix it up early so that I could still take advantage of the JwtBearerOptions.TokenValidationParameters.ValidateAudience = true; JwtBearerOptions.TokenValidationParameters.ValidAudiences ={"the right one"}; I can hook the OnTokenValidated event, and rewrite the principal, but that is too late. Earlier in the pipeline

Current user with ASP.NET Forms authentication app

北城以北 提交于 2019-12-11 13:17:21
问题 I am trying to retrieve the current user in my web application that uses ASP.NET Forms authentication. However, System.Security.Principal.WindowsIdentity.GetCurrent().Name returns domain\windowsUser, NOT the username that was used in the FormsAuthentication.RedirectFromLoginPage method. I am using Forms authentication in my config file: <authentication mode="Forms"> <forms loginUrl="Views/Login.aspx" name=".ASPXFORMSAUTH" timeout="1" cookieless="UseUri"> </forms> </authentication>

Custom Authorization Filter in .NET Core API

落爺英雄遲暮 提交于 2019-12-11 10:06:52
问题 I want to authorize users before accessing any data using my core api, so I tried is using JWT authentication. I have successfully generated token while signing in user using api and saved that token on client side in session, now whenever user wants to access any data using api, I'll send that token in header to api and I want to validate that JWT token using custom authorization filter. I have created custom authorization filter and applied it on my GetMenu api and I'm able to validate that

.NET MVC Authorization Attribute throwing SQL network related exception

痞子三分冷 提交于 2019-12-11 07:07:15
问题 I have defined an authorization attribute like following: public override void OnAuthorization(AuthorizationContext filterContext) { base.OnAuthorization(filterContext); if (!filterContext.HttpContext.User.Identity.IsAuthenticated) { filterContext.Result = new RedirectResult("~/Login"); return; } var requiredRoles = Roles.Split(Convert.ToChar(",")).ToList(); var roles = ((ClaimsIdentity)filterContext.HttpContext.User.Identity).Claims .Where(c => c.Type == ClaimTypes.Role) .Select(c => c.Value

How to share encrypted cookies between asp.net 4.5 and asp.net core?

回眸只為那壹抹淺笑 提交于 2019-12-10 19:38:46
问题 We have few asp.net 4.5 applications that share authentication cookies (SSO) secured by a web config machinekey and I wont change them. ASP.NET 4.5 sign in: var auth = FederatedAuthentication.SessionAuthenticationModule; auth.WriteSessionTokenToCookie(new System.IdentityModel.Tokens.SessionSecurityToken(cp)); Now we are about to implement new asp.net core application in the same domain and we want to keep old cookies authorization mechanism. Federatedauthentification is failing on a runtime

User Role/Authorization doesn't work in ASP.NET Identity

耗尽温柔 提交于 2019-12-08 04:50:54
问题 have this (model builder) code on our DbContext.cs base.OnModelCreating(modelBuilder); modelBuilder.Entity<IdentityUserLogin>().HasKey<string>(l => l.UserId); modelBuilder.Entity<IdentityRole>().HasKey<string>(r => r.Id); modelBuilder.Entity<IdentityUserRole>().HasKey(r => new { r.RoleId, r.UserId }); modelBuilder.Entity<ApplicationUser>().ToTable("ApplicationUser"); Everything works fine except for Authorization/User Roles . After checking all tables I noticed that IdentityUserRoles table

How to migrate from Forms Authentication to ASP .NET Identity

爱⌒轻易说出口 提交于 2019-12-07 23:22:43
问题 I am working in a MVC project that contains both regular MVC controllers as well as Web API Controllers. Initially I implemented Forms Authentication with custom user table. But now I am planning to use the new ASP .NET Identity and change from the forms cookie based authentication to claims based authentication and authorization. I already have a database with tables with custom fields. So I need to customize the ASP .NET Identity to work with my tables Can anyone guide me on how this can be

Custom Bearer Token Authorization for ASP.Net Core

冷暖自知 提交于 2019-12-07 15:03:53
问题 Is this an acceptable implementation of a custom bearer token authorization mechanism? Authorization Attribute public class AuthorizeAttribute : TypeFilterAttribute { public AuthorizeAttribute(): base(typeof(AuthorizeActionFilter)){} } public class AuthorizeActionFilter : IAsyncActionFilter { private readonly IValidateBearerToken _authToken; public AuthorizeActionFilter(IValidateBearerToken authToken) { _authToken = authToken; } public async Task OnActionExecutionAsync(ActionExecutingContext

User Role/Authorization doesn't work in ASP.NET Identity

不羁的心 提交于 2019-12-07 00:28:28
have this (model builder) code on our DbContext.cs base.OnModelCreating(modelBuilder); modelBuilder.Entity<IdentityUserLogin>().HasKey<string>(l => l.UserId); modelBuilder.Entity<IdentityRole>().HasKey<string>(r => r.Id); modelBuilder.Entity<IdentityUserRole>().HasKey(r => new { r.RoleId, r.UserId }); modelBuilder.Entity<ApplicationUser>().ToTable("ApplicationUser"); Everything works fine except for Authorization/User Roles . After checking all tables I noticed that IdentityUserRoles table creates 4 columns: RoleId, UserId, IdentityRole_Id and ApplicationUser_Id. I found out that, IdentityRole

How to migrate from Forms Authentication to ASP .NET Identity

喜欢而已 提交于 2019-12-06 11:59:50
I am working in a MVC project that contains both regular MVC controllers as well as Web API Controllers. Initially I implemented Forms Authentication with custom user table. But now I am planning to use the new ASP .NET Identity and change from the forms cookie based authentication to claims based authentication and authorization. I already have a database with tables with custom fields. So I need to customize the ASP .NET Identity to work with my tables Can anyone guide me on how this can be achieved ? Edit: In reply to FKutsche, here is the User table that I have. I have kept only the
订阅 asp.net-authorization