owin

问题 I read some examples(1,2,3,4) about setting up authentication in the owin pipeline when using web api and the examples declare the authentication middleware as the first middleware in the Configuration method but doesn't tell why it needs to be first. In this question the auther had the webapi middleware attached before the authentication middleware and then the authentication didn't work correctly. When the auther moved it to the top of the method then everything work as expected.. Does

问题 I am converting an existing ASP .Net Web API 2 project to use OWIN. The project uses Castle Windsor as the dependency injection framework with one of the dependencies set to use the PerWebRequest lifestyle. When I make a request to the server I get a Castle.MicroKernel.ComponentResolutionException exception. The exception recommends adding the following to the system.web/httpModules and system.WebServer/modules sections in the config file: <add name="PerRequestLifestyle" type="Castle

问题 Is it possible with an Owin Middleware implementation to add claims prior to the execution of a Web API controller? Created an OwinMiddleware implementation and added an identity: var id = new ClaimsIdentity(); id.AddClaim(new Claim("Whatever", "is possible")); context.Authentication.User.AddIdentity(id); await Next.Invoke(context); However, even this Invoke method call the identities are not updated (just the internal claims array). And the controller when executed of course never gets the

问题 As a bit of context, I'm developing an ASP.NET MVC 5 application that uses OAuth-based authentication via Microsoft's OWIN implementation, for Facebook and Google only at this stage. Currently (as of v3.0.0, git-commit 4932c2f), the FacebookAuthenticationOptions and GoogleOAuth2AuthenticationOptions don't provide any property to force Facebook nor Google respectively to reauthenticate users (via appending the appropriate query string parameters) when signing in. Initially, I set out to

问题 I'm getting this error when attempting to load classes in the Microsoft.AspNet.SignalR.Owin assembly. The exception is thrown after execution leaves the Configuration method in startup.cs . I've registered a Global Exception Handler to try and catch the exception but it is not being caught. public async override Task HandleAsync(ExceptionHandlerContext context, CancellationToken cancellationToken) { var exception = context.Exception; const string genericErrorMessage = "An unexpected error

问题 The official Identity 2 sample project has the code below in UserManager.Create() public static UserManager Create(IdentityFactoryOptions<UserManager> options, IOwinContext context) { //...etc... // --- what does this block do? --- var dataProtectionProvider = options.DataProtectionProvider; if (dataProtectionProvider != null) { manager.UserTokenProvider = new DataProtectorTokenProvider<User>(dataProtectionProvider.Create("ASP.NET Identity")); } // -------------------------------- //...etc...

问题 In my WebAPI project I'm using Owin.Security.OAuth to add JWT authentication. Inside GrantResourceOwnerCredentials of my OAuthProvider I'm setting errors using below line: context.SetError("invalid_grant", "Account locked."); this is returned to client as: { "error": "invalid_grant", "error_description": "Account locked." } after user gets authenticated and he tries to do "normal" request to one of my controllers he gets below response when model is invalid (using FluentValidation): {

问题 Im trying to secure my ASP.NET web api using OWIN and ASP.NET identity, I managed to get it done. But I am saving the access token in the client's local storage (Mobile) which defeats the purpose of the access token. So I have to add refresh token. I managed to generate the refresh token using the same ticket of the access token. But now I don't know how to use the refresh token in the client. Startup.cs OAuthOptions = new OAuthAuthorizationServerOptions { TokenEndpointPath = new PathString("

问题 In my C# Web API, I'm trying to add a global exception handler. I've been using a custom global ExceptionFilterAttribute to handle the exception and return a HttpResponseMessage : public override void OnException(HttpActionExecutedContext context) { ... const string message = "An unhandled exception was raised by the Web API."; var httpResponseMessage = new HttpResponseMessage(HttpStatusCode.InternalServerError) { Content = new StringContent(message), ReasonPhrase = message }; context

问题 Is there any way how can I set RedirectUri property for OpenIdConnectMessage based on a Request scope, not Application scope? My app is serving multiple domains (myapp.com, myapp.fr, ..) and based on domain, it determine default language for the content. I need that the user is taken back to the same domain after login thru IdP so I need to find a way how RedirectUri is set per request scope rather than app scope as done by configuring middleware options in startup.cs . 回答1: This can be done