authorization

I am implementing a query which should serve some fields in the response depending on user login status. To be specific, I want to get "pointRate" field only if $authenticationToken is passed & would want to avoid passing $authenticated in below query. The reason I want to avoid sending $authenticated is client can do mistake by sending $authenticated = true but $authenticationToken = null . query ToDoQuery($authenticationToken: String, $authenticated: Boolean!) { pointRate(accessToken: $authenticationToken) @include(if: $authenticated) { status } } So, Actually you want to do that i) if

For the first time I'm creating Authorization in ASP.NET Core. I used tutorial from here TUTORIAL The problem is when I sending request from postman: Authorization:Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6I... to my method in controller decorated with [Authorize] attribute. I receive 401 Unauthorized always... I saw comments bellow that tutorial and it seems that some people have similar issue also. I've no idea how I can solve this problem. At the request of others here is the answer: The problem was with the middleware order in Startup.cs public void Configure(IApplicationBuilder app,

I want to make the roles default for my controller class to "Administrators, Content Editors" [Authorize(Roles = "Administrators, Content Editor")] I've done this by adorning the controller with the attribute above. However, there is one action that I want to be available to all (namely "View"). How can I reset the Roles so that everyone (including completely unauthorized users) have access for this action. Note: I know I could adorn every single action other action with the authorize attribute above but I don't want to have to do that all the time. I want all of the controllers actions to be

In the DB i have Role and User entities with one to many relationship. What i am trying to do is to build custom authorization filter. All the tutorials that i have seen are using default ASP.NET membership. All i know is that i need to inherit AuthorizationAttribute but do not know which methods do i need to override and how to implement them. public class UserAuth : AuthorizeAttribute { } In the DB : Role public class Role { [Key] public int RoleID { get; set; } [Required] public int RolenameValue { get; set; } [MaxLength(100)] public string Description { get; set; } // // // // // public

I am testing out a very basic Pub/Sub subscription. I have the push endpoint set to an App I have deployed through a Python Flex service in App Engine. The service is in a project with Identity-Aware Proxy enabled. The IAP is configured to allow through users authenticated with our domain. I do not see any of the push requests being processed by my app. I turned off the IAP protection and then I see that the requests are processed. I turn it back on and they are no longer processed. Note: This answer uses BETA commands and features. To enable IAP enabled App Engine access to Pub/Sub push

For what its worth, I managed to get a console application to authenticate itself with an existing ASP.NET web application. It just mimics the login page by making a post request to the login page containing the viewstate information (just as if a browser had made the request). It then catches the cookie sent back in response in a CookieContainer. The application then goes on to make multiple requests to the same page (which requires authorization). The page does some work and writes out a file on the server. The problem I'm encountering is that after the phony login, the first two requests go

We are in the process of developing a in house mobile application and web api. We are using asp.net web api 2 with asp.net Identy 2 OAuth. I have got the api up and running and giving me a bearer token. However I want to slightly modify the process flow to something like along the lines of this: App user logs in to api with username and password. App receives Refresh-token which is valid for 30 days. App then requests an access token providing the api with the refresh token. ( Here I want to be able to invalidate a request if the user has changed their password or their account has been locked