owin

SecurityTokenSignatureKeyNotFoundException in OWIN OpenID Connect middleware connecting to Google

家住魔仙堡 submitted on 2019-12-25 07:49:34
Question: We are using the generic OpenID Connect middleware to use Google as an external identity provider using IdentityServer3. We don't have MetadataAddress or any special TokenValidationParameters set up (so it should be getting the metadata based on Authority, and then filling in parameters based on that, which should be fine). We are getting the following error highly intermittently. Other questions I've come up with that have this error seem to involve incorrect custom validation and are not

Old tokens stopped working after updating Owin from 3.0.0 to 3.0.1

折月煮酒 submitted on 2019-12-25 07:48:28
Question: I updated the Owin NuGet packages from 3.0.0 to 3.0.1 in my WebApi projects, but after the update all the user tokens that were generated by the old version and saved on the client side stopped working with the new deployment. Is there a way to keep the old user tokens working with the new version, as otherwise all the users will need to log into the system again to get a new access token, which I want to avoid.
Answer 1: The incompatibility between 3.0.0 and 3.0.1 is due to a bug in the 3.0.0 version of the

How to make singleton static value securely accessible across all calls for a single HTTP request

孤人 submitted on 2019-12-25 05:31:14
Question: I want a singleton accessible to the whole request and only to calls from that request. I have a client with a requirement that the built-in server side session not be used. Instead I need to rebuild the UserSession object each time based on the request's cookies and query string and validate it with the database. There is some overhead in building the UserSession object, so I want to do it only once per request, as early as possible, and then reference that object later throughout the

How to make singleton static value securely accessible across all calls for a single HTTP request

大憨熊 submitted on 2019-12-25 05:31:07
Question: I want a singleton accessible to the whole request and only to calls from that request. I have a client with a requirement that the built-in server side session not be used. Instead I need to rebuild the UserSession object each time based on the request's cookies and query string and validate it with the database. There is some overhead in building the UserSession object, so I want to do it only once per request, as early as possible, and then reference that object later throughout the

Microsoft.Owin.Testing.TestServer cannot use with Fiddler

 ̄綄美尐妖づ submitted on 2019-12-25 04:24:17
Question: I tried to use TestServer and found that Fiddler could not catch the traffic. The address is set to http://localhost and there is no way to change it. server = TestServer.Create(app => { new Startup().Configuration(app); }); It would be good to change the URL to http://ipv4.fiddler or some other candidate methods in the http://docs.telerik.com/fiddler/observe-traffic/troubleshooting/notraffictolocalhost page. How can I do this?
Answer 1: This won't work as TestServer fakes out the transport layer and just creates

ASP.NET MVC 5 OWIN Authentication

我的未来我决定 submitted on 2019-12-25 02:24:59
Question: I have just started to get to know MVC 5 and I am trying to use its built-in OWIN authentication. I need to implement forms authentication with IIS, but the OWIN authentication is more complicated than I expected. I have an Entity Framework model with my own User, Role and RoleUser tables and want to authenticate users by these tables. I tried to figure out how OWIN works on a sample MVC 5 application. It has an ApplicationUser class: public class ApplicationUser : IdentityUser { } public class

Azure hosted API bearer tokens won't decrypt with context.DeserializeTicket?

徘徊边缘 submitted on 2019-12-24 17:30:01
Question: I have 2 webapi2 projects that use the same database. If I'm on localhost and I get a bearer token from one, I can pass it to the other and the other will properly decrypt it and load the user. However, when I publish them to separate URLs on Azure, I get the token fine from one, but when I pass it to the other I can't get the ticket to load and it gives me the unauthorized response. I'm testing this by watching the OWIN AuthenticationTokenProvider.OnRecieve method. When context

Azure hosted API bearer tokens won't decrypt with context.DeserializeTicket?

我怕爱的太早我们不能终老 submitted on 2019-12-24 17:29:09
Question: I have 2 webapi2 projects that use the same database. If I'm on localhost and I get a bearer token from one, I can pass it to the other and the other will properly decrypt it and load the user. However, when I publish them to separate URLs on Azure, I get the token fine from one, but when I pass it to the other I can't get the ticket to load and it gives me the unauthorized response. I'm testing this by watching the OWIN AuthenticationTokenProvider.OnRecieve method. When context

Where to filter Identity 2.0 claim ticket in a WebAPI app?

|▌冷眼眸甩不掉的悲伤 submitted on 2019-12-24 15:42:44
Question: ASP.NET apps using OWIN permit multiple Identity sources (Facebook, Google, etc.). Most of the provider-specific information those sources provide is irrelevant to my app, potentially even large, and I don't want it in my cookies all session. My app is primarily WebAPI, but I suspect the question applies equally to MVC and WebForms. For now, all I need is an integer account ID. Where/when should I reconstruct the identity, after external authentication? For example, here is one way I could

prevent access to static content of asp.net - mvc app

徘徊边缘 submitted on 2019-12-24 15:20:50
Question: We have an ASP.NET MVC & Angular application. We are using identityserver3 for access control to the application. Everything is working as expected, except one thing. Unauthorized users still have access to static content of the application. Is there any way to deny access to those files before the user logs in?
Answer 1: Here is the link to the great post which led me to the solution => Intercepting file requests. Steps I've taken to solve my problem: Added this line to my webconfig file. This will make