asp.net-core-webapi

I am porting my API from Web API 2 to ASP.NET Core Web API. I used to be able to add a custom header in the following manner: HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.OK); response.Headers.Add("X-Total-Count", count.ToString()); return ResponseMessage(response); How does one add a custom header in ASP.NET Core Web API? tmacharia You can just hi-jack the HttpContext from the incoming Http Request and add your own custom headers to the Response object before calling return. If you want your custom header to persist and be added in all API requests across multiple

I want to protect ASP.NET Core Web API using JWT. Additionally, I would like to have an option of using roles from tokens payload directly in controller actions attributes. Now, while I did find it out how to use it with Policies: Authorize(Policy="CheckIfUserIsOfRoleX") ControllerAction()... I would like better to have an option to use something usual like: Authorize(Role="RoleX") where Role would be automatically mapped from JWT payload. { name: "somename", roles: ["RoleX", "RoleY", "RoleZ"] } So, what is the easiest way to accomplish this in ASP.NET Core? Is there a way to get this working

I want to return two different formatted responses for the same feature (a list of entities) based on the accept header of the request, it is for a "json" and a "html" request. Does the asp.net core support select different actions for the same route based upon the Accept Header from the request? I dived into the .net core source code and looked for other attributes that do some similar behaviour such as Microsoft.AspNetCore.Mvc.HttpGet or Microsoft.AspNetCore.Mvc.ProducesAttribute . Both attributes implements an Microsoft.AspNetCore.Mvc.ActionConstraints.IActionConstraint interface wich is

I would like to return only standardized error responses from my Web API (Asp.net Core 2.1), but I can't seem to figure out how to handle model binding errors. The project is just created from the "ASP.NET Core Web Application" > "API" template. I've got a simple action defined as: [Route("[controller]")] [ApiController] public class MyTestController : ControllerBase { [HttpGet("{id}")] public ActionResult<TestModel> Get(Guid id) { return new TestModel() { Greeting = "Hello World!" }; } } public class TestModel { public string Greeting { get; set; } } If I make a request to this action with an

How to add additional claims to be included within the token? As soon as the API receives the bearer token, the User.Identity object gets populated with the following claims. [ { "key": "nbf", "value": "1484614344" }, { "key": "exp", "value": "1484615244" }, { "key": "iss", "value": "http://localhost:85" }, { "key": "aud", "value": "http://localhost:85/resources" }, { "key": "aud", "value": "WebAPI" }, { "key": "client_id", "value": "MyClient" }, { "key": "sub", "value": "d74c815a-7ed3-4671-b4e4-faceb0854bf6" }, { "key": "auth_time", "value": "1484611732" }, { "key": "idp", "value": "local" },

We have an ASP.NET Core 2.0 web site that also presents a couple of simple Web API methods for UI enhancement purposes. The Web API calls work as expected when running locally under IIS Express , but when we deploy to our IIS 8.5 production web server, we get the following error when making HTTP DELETE and PUT requests... 405 Method Not Allowed After some web searching, we have found several posts suggesting the removal of the IIS WebDAV module. We have disabled this in IIS (it is our server), and we have also tried the following: Disabled WebDAV Enabled WebDev and set Allow verb filtering =

(Edit - Found proper fix! see below) OK - this is my first attempt at .Net Core 2.0 and authentication, though I've done things with Web API 2.0 in the past, and have worked fairly extensively on various MVC and Webforms ASP projects over the last couple of years. I'm trying to create a Web API ONLY project using .Net Core. This will form the back end of a multi-tenant application for producing some reports, so I need to be able to authenticate users. It seems the usual approach is to use JWT - first authenticate the user to generate a token, then pass that to the client to use on every API