owin

问题 I am having problems creating a custom UserStore using dependency injection when creating an ApplicationUserManager using the OWIN request pipeline. Background I am trying to migrate the user functionality in our web application from using the SimpleMembership to the new ASP.NET Identity. When starting a new MVC 5 project, the default implementation of the single page application uses ASP.Identity, using Entity Framework to implement the UserStore functionality. In my case, we are already

问题 I am developing a prototype of an AngularJS, Web API, SignalR application as a potential starting point for a new project in VS 2013. At this stage, I'm pretty much using the canned code that visual studio generates for Individual User Accounts. There's a line in the StartUp.Auth.cs code that looks like this. app.UseOAuthBearerTokens(OAuthOptions); With this in place, I can add the [Authorize] attribute to controllers and it works fine. Incidentally, with angular I was able to add a standard

问题 I've set up OWIN in an ASP.NET MVC app (including email confirmation). When an account is created I get an email containing a link to confirm my email. When I visit the link, I get the "Invalid Token" error. If I take that exact same link and instead change the domain to point at localhost while debugging the project, the email confirms just fine. The project is being deployed to an Azure Web Site (which I can't remote debug). I've tossed in some code to email me when confirmation fails (so

问题 I've set up OWIN in an ASP.NET MVC app (including email confirmation). When an account is created I get an email containing a link to confirm my email. When I visit the link, I get the "Invalid Token" error. If I take that exact same link and instead change the domain to point at localhost while debugging the project, the email confirms just fine. The project is being deployed to an Azure Web Site (which I can't remote debug). I've tossed in some code to email me when confirmation fails (so

问题 I have a WebApi app that is using Windows Azure Active Directory Bearer Authentication to authenticate users. After the user is authenticated, I want to query Azure's Graph Api to get more information about the user. I have a solution that works, but seems very hacky. I read the Authorization header and strip out the bearer part, and then I use AquireToken to get the new token: var authHeader = HttpContext.Current.Request.Headers["Authorization"]; var tokenMatch = Regex.Match(authHeader, @"(?

问题 I am experiencing a problem with a login loop when using WsFederation Authentication in my MVC web application. I used visual studio to create the scaffolding of the web application and to setup the WsFederation in the Startup.cs . Which generates the following block of code: public class Startup { private static string realm = ConfigurationManager.AppSettings["ida:Wtrealm"]; private static string adfsMetadata = ConfigurationManager.AppSettings["ida:ADFSMetadata"]; public void Configuration

问题 i have implementation of JWT Authentication in .net core 2 application , it work fine. i want to use this implementation and structure in asp.net web api 2 application but i get error my structure: JwtTokenBuilder class: using System; using System.Collections.Generic; using Microsoft.IdentityModel.Tokens; using System.IdentityModel.Tokens.Jwt; using System.Security.Claims; using System.Linq; namespace solution.Authentication { public sealed class JwtTokenBuilder { private SecurityKey

问题 Within my web application I have registered Google as a single sign-on provider: app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions { ClientId = "8765.......apps.googleusercontent.com", ClientSecret = "Secret" }) My app doesn't allow users to sign-up/register (instead their accounts are created by an administrator, but they can later link their account up with Google). In my "Sign in with Google" controller, I am trying to issue a Challenge() to redirect to Google. This might

问题 When I activate the OWIN logout-everywhere feature via security stamps and use the OnValidateIdentity -Callback of the CookieAuthenticationProvider with the SecurityStampValidator -class, the user is logged out every time he closes the browser. provider.OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<MyUserManager, MyUser>( System.TimeSpan.FromSeconds(10),(manager, user) => { return user.GenerateUserIdentityAsync(manager); }); However, when I do the plumbing myself (lookup and

问题 I'm using OWIN's external authentication providers in my ASP.Net MVC 5 / WebApi 2 project and I've hit a strange problem. The login workflow is exactly like here on SO. User hits the login page, picks a provider and gets logged in. My problem is that the first click on a provider redirects back to the same login page: http://localhost:57291/Account/Login?ReturnUrl=%2fAccount%2fExternalLogin This would make sense if the ExternalLogin action would be lacking the AllowAnonymous attribute. When