owin

问题 I am running WebAPI with just one Middleware and not able to set response HTTP status code. I am using OnSendingHeaders() and able to add headers and set response body, but status code is not getting set and response always has it set as 200 OK. I am able to set response status code in ValidateUrl(context) though. Difference is ValidateUrl(context) is called synchronously and OnSendingHeaders() would be called asynchronously after ProcessIncomingRequest() is executed. Is HTTP status line

问题 I need to deliver custom "not authorized" message in different languages, instead of the default "Authorization has been denied for this request". I'm using Owin as authentication and the [Authorize] attribute for ApiControllers/methods. I know that this could be done with a custom autorization filter, but it seems an overkill situation just to change the message sent to the client. Is there a simpler way of changing the message or should I stick to a custom authorize filter? Thanks 回答1:

问题 i have a custom cors policy like below, where I am setting support-credentials to false public class CorsProviderFactory : ICorsPolicyProviderFactory { //https://msdn.microsoft.com/en-us/magazine/dn532203.aspx public ICorsPolicyProvider GetCorsPolicyProvider( HttpRequestMessage request) { return new CorsPolicyProviderCustom(); } public class CorsPolicyProviderCustom : Attribute, ICorsPolicyProvider { private readonly CorsPolicy _policy; public CorsPolicyProviderCustom() { // Create a CORS

问题 I set up AutoFac to work with ASP.NET Identity in MVC 5. Everything seemed to work fine on surface, i.e. users could create accounts and log in. But then I discovered that the users do not get logged out when Security Stamp is changed. Either by brute force in AspNetUsers table or by users changing password and expecting to be logged out in other browser. This is how I set up AutoFac by following this unofficial article. public void Configuration(IAppBuilder app) { var builder = new

问题 I am using OWIN middleware for cookie authentication and openIdConnect. Before I added openIdConnect authentication to my startup auth code the cookie authentication option, LoginPath was used as the destination for redirecting unauthenticated users. This worked really well and is the functionality I would like to keep. However, when I added app.UseOpenIdConnectAuthentication to my project, it started automatically redirecting unauthenticated users to my OpenIdConnect Authority (https://login

问题 I am sing OAuth2 in WebAPI project. I am authenticating user request in OWIN middleware. On successfull authentication I am sending an JWT access token to client. Now I can validate subsequent request at server and use [Authorize(Roles="myRole")] attribute on Api Controllers. But how can I show validate client content in AngularJs and show pages based on user role? I have JWT at client and no idea how to get user role out of it? Is it a good approach to extract information from JWT? 回答1: You

问题 I'm using owin authentication on an ASPNET MVC project. When using google I have the following problem: 1- The user signs in with the google account 2- The user signs out 3- The next time the user tries to sign in, the current google account is automatically used to sign in again without prompting the user is he wants to use another account. Question: How can I, using the owin google authentication, prompt the user if he wants to use the current account or use a different one? Thanks 回答1: If

问题 I've successfully implemented oAuth using OWIN in my WebApi 2 Server with: app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions { TokenEndpointPath = new PathString("/api/TokenByPassword"), // ... }); However, I would like the TokenEndpointPath to be dynamic as I will have multiple databases each with their own account records. I believe I want something like: TokenEndpointPath = new PathString("/api/{databaseid}/TokenByPassword"); I don't believe

问题 Recently I realized there is a leak in my Web API application based on Owin and Autofac. The leak is not permanent but memory kept longer than per request. Here's the deal: 1-) By default Web API uses buffered responses and the runtime keeps OverlappedData structure up to 40 instances as an object pool even after the response is returned. (For performance reasons I guess) 2-) Each OverlappedData structure keeps the OwinContext alive (only 40 at a time probably for pooling) 3-) Because

问题 My web site allows users to register and log in with their Google Account. My c# MVC app uses the feature the template offered using Microsoft.AspNet.Identity.Owin. I have received an email from Google that they are shutting down Google+. The email said to transfer over to Google Sign In. Any good articles that explain this topic for c# MVC apps using Owin features? Any pointers where to start would be greatly appreciated. thanks, Michael 回答1: Just update the package Microsoft.Owin.Security