owin

问题 I´m doing SSO App with user managment in MVC 5, but i cant share the cookie between apps for example http ://SSO http ://app diferent sites in IIS, i think this is something like cross domain,so in the app2 when i have something like this in the startup.auth app.UseCookieAuthentication(new CookieAuthenticationOptions { CookieName = "sharedcookie", CookieDomain = "SSO", CookieHttpOnly = false, //CookieDomain = "localhost", AuthenticationType = DefaultAuthenticationTypes.ExternalCookie,

问题 I'm attempting to use the OWIN Open ID Connect middleware to outsource authentication for my ASP.NET application to Azure Active Directory. The application successfully redirects to the Azure AD sign-in page upon accessing a page that requires authorisation. However upon signing in to Azure AD I'm encountering the following error: AADSTS90002: Requested tenant identifier '00000000-0000-0000-0000-000000000000' is not valid. Tenant identifiers may not be an empty GUID. Here is the call to

问题 I am testing OWIN middleware and wrote the following middleware class. But strangely, I see that this middleware is called about four times in total when I request a URL without any path ( localhost:<port> ). However when I call localhost:<port>/welcome.htm or when I call localhost:<port>/default.htm it is only called once as expected. What am I missing? public class MyMiddleware : OwinMiddleware { public MyMiddleware(OwinMiddleware next) : base(next) { } public override async Task Invoke

问题 I am trying to secure asp.net web-api 2.0 with Windows Identity Foundation 2. The choice I have to make is between role based authorization and claims based authorization. As a practice, I added a users in DbInitializer and assigned him two roles (Admin and Manager). When I log in with that user, I see that ClaimsPrincipal in debug mode, it already has those roles (Admin and Manager) associated as claims. So here are the questions: If roles are also treated as claims, what is the difference b

问题 I got an issue when setting up HTTPs for a self host Owin console application. The browser always shows a connection reset error. I've tried creating certificates manually according to this link http://chavli.com/how-to-configure-owin-self-hosted-website-with-ssl/ but I still get the connection reset issue on that port. And I've checked the windows event log and there's no error messages. The application will create X509 certificate by itself and run netsh command automatically. Without Ssl,

问题 I am writing a ASP.NET Classic WebAPI application. I have implemented the OWIN StartUp class, and the Caonfiguration method is executed, however, the ConfigureServices method does not get executed. I know this works for DotNetCore. using Microsoft.Extensions.DependencyInjection; using Microsoft.Owin; using Owin; [assembly: OwinStartup(typeof(ClassicWebApi.Startup))] namespace ClassicWebApi { public class Startup { public void ConfigureServices(IServiceCollection services) { //CODE IS NOT

问题 I'm trying to use the AccessToken provided by Owin in Google.Apis requests but I'm receiveing the exception System.InvalidOperationException (Additional information: The access token has expired but we can't refresh it). My configuration of Google Authentication is OK and I can successfully login into my application with it. I store the context.AccessToken as a Claim in the authentication callback (OnAuthenticated "event" of GoogleOAuth2AuthenticationProvider). My Startup.Auth.cs

问题 I am new the webAPI2, so please excuse me if my question is trivial. I want to implement token based security for my webAPI, so that other applications (apart from my SPA) can also call my webAPIs. I started with Owin OpenAuth and implemented a POC. Everything worked well. But when I had to send client to Authorization to Authorization server, I could not find any inbuilt function to do that. I had to build this my self. Then I came across DotNetOpenAuth that provides APIs to set the

问题 We are running an Owin applications on IIS 8.5 on Win 2012 R2 behind a loadbalancer. One some occations, requests to certain URLs hang indefinitely. If the user selects cancel in the browser, and reloads the page, everything is OK and the server responds quickly. In IIS manager, we can see the requests hanging: The hang seems to occur inside the Owin pipeline. We are running .NET 4.5.2 and the latest Owin packages. Here's the code for the /api/whoami endpoint: [Authorize] public class

问题 I've got an self-hosted SignalR instance, using OWIN. I'd like to implement authorization. My users will already have logged into an ASP.NET MVC application, using Forms Authentication. Since the two applications will be available at the same URL, the cookies will be shared between the two. How do I accept a Forms Authentication cookie in a self-hosted SignalR application? Clarification: I'm talking about a browser accessing a self-hosted SignalR hub using the same credentials that were used