asp.net-core-webapi

.Net Core 2.0 Web API using JWT - Adding Identity breaks the JWT authentication

左心房为你撑大大i 提交于 2019-11-27 05:26:14
问题 (Edit - Found proper fix! see below) OK - this is my first attempt at .Net Core 2.0 and authentication, though I've done things with Web API 2.0 in the past, and have worked fairly extensively on various MVC and Webforms ASP projects over the last couple of years. I'm trying to create a Web API ONLY project using .Net Core. This will form the back end of a multi-tenant application for producing some reports, so I need to be able to authenticate users. It seems the usual approach is to use JWT

ASP.NET Core web api action selection based on Accept header

不问归期 提交于 2019-11-27 03:18:34
问题 I want to return two different formatted responses for the same feature (a list of entities) based on the accept header of the request, it is for a "json" and a "html" request. Does the asp.net core support select different actions for the same route based upon the Accept Header from the request? 回答1: I dived into the .net core source code and looked for other attributes that do some similar behaviour such as Microsoft.AspNetCore.Mvc.HttpGet or Microsoft.AspNetCore.Mvc.ProducesAttribute .

How do I customize ASP.Net Core model binding errors?

喜夏-厌秋 提交于 2019-11-27 02:43:16
问题 I would like to return only standardized error responses from my Web API (Asp.net Core 2.1), but I can't seem to figure out how to handle model binding errors. The project is just created from the "ASP.NET Core Web Application" > "API" template. I've got a simple action defined as: [Route("[controller]")] [ApiController] public class MyTestController : ControllerBase { [HttpGet("{id}")] public ActionResult<TestModel> Get(Guid id) { return new TestModel() { Greeting = "Hello World!" }; } }

ASP.NET Core 2.0 JWT Validation fails with `Authorization failed for user: (null)` error

感情迁移 提交于 2019-11-27 02:07:56
问题 I'm using ASP.NET Core 2.0 application (Web API) as a JWT issuer to generate a token consumable by a mobile app. Unfortunately, this token couldn't be validated by one controller while can be validated by another (using the same validation setting within the same asp.net core 2.0 app). So I have a token which is valid and could be decoded, has all the required claims and timestamps. But one endpoint accepts it, while another gives me 401 error and debug output: Microsoft.AspNetCore

How to add additional claims to be included in the access_token using ASP.Net Identity with IdentityServer4

久未见 提交于 2019-11-27 01:46:33
问题 How to add additional claims to be included within the token? As soon as the API receives the bearer token, the User.Identity object gets populated with the following claims. [ { "key": "nbf", "value": "1484614344" }, { "key": "exp", "value": "1484615244" }, { "key": "iss", "value": "http://localhost:85" }, { "key": "aud", "value": "http://localhost:85/resources" }, { "key": "aud", "value": "WebAPI" }, { "key": "client_id", "value": "MyClient" }, { "key": "sub", "value": "d74c815a-7ed3-4671

Using a C# 7 tuple in an ASP.NET Core Web API Controller

倖福魔咒の 提交于 2019-11-26 21:47:38
问题 Do you know why this works: public struct UserNameAndPassword { public string username; public string password; } [HttpPost] public IActionResult Create([FromBody]UserNameAndPassword usernameAndPassword) { Console.WriteLine(usernameAndPassword); if (this.AuthenticationService.IsValidUserAndPasswordCombination(usernameAndPassword.username, usernameAndPassword.password)) return new ObjectResult(GenerateToken(usernameAndPassword.username)); return BadRequest(); } But when I replace it with a

ASP.NET Core API JSON serializersettings per request

感情迁移 提交于 2019-11-26 21:35:23
问题 Based on some value in the request (header or in the url) I want to change the serialization of my DTO objects. Why? Well I've applied the [JsonProperty("A")] to my DTO's but depending on the client (website or mobile app) it want to use that property or not. I started with services .AddMvc() .AddJsonOptions(opt => { #if DEBUG opt.SerializerSettings.ContractResolver = new NoJsonPropertyNameContractResolver(); #endif } So while debugging I get JSON with full propertynames. I use the

RS256 vs HS256: What's the difference?

早过忘川 提交于 2019-11-26 21:09:43
I'm using Auth0 to handle authentication in my web app. I'm using ASP.NET Core v1.0.0 and Angular 2 rc5 and I don't know much about authentication/security in general. In the Auth0 docs for ASP.NET Core Web Api , there are two choices for the JWT algorithm being RS256 and HS256. This may be a dumb question but: What's the difference between RS256 and HS256? What are some use cases (if applicable)? Both choices refer to what algorithm the identity provider uses to sign the JWT. Signing is a cryptographic operation that generates a "signature" (part of the JWT) that the recipient of the token

How to configure concurrency in .NET Core Web API?

独自空忆成欢 提交于 2019-11-26 21:01:09
问题 In the old WCF days, you had control over service concurrency via MaxConcurrentCalls setting. MaxConcurrentCalls defaulted to 16 concurrent calls but you could raise or lower that value based upon your needs. How do you control server side concurrency in .NET Core Web API? We probably need to limit it in our case as too many concurrent requests can impede overall server performance. 回答1: ASP.NET Core application concurrency is handled by its web server. For example: Kestrel var host = new

Angular4 ASP.NET Core 1.2 Windows Authentication CORS for PUT and POST Gives 401

妖精的绣舞 提交于 2019-11-26 20:59:36
问题 My IDE is Visual Studio 2017. I've got an Angular4 client talking to a WebAPI backend in Core, and CORS is working as configured EXCEPT for the PUT and POST methods. The GET method is subject to the same preflight OPTIONS method in Chrome that the PUT and POST methods are, but GET is working fine. It appears that the IIS Express server in Visual Studio is not forwarding the requests to the Kestrel server. Both Methods work in Postman, but not when Angular4 makes the call. Here's the code:
订阅 asp.net-core-webapi