[英]ASP.NET Web API Authorization with Postman
I have created an ASP.NET Web API and applied Authorize attribute to the API controller. 我创建了一个ASP.NET Web API并将Authorize属性应用于API控制器。 Now, I want to test it using Postman but I am getting Authorization error.
现在,我想使用Postman测试它,但我收到了授权错误。
Controller code is: 控制器代码是:
[Authorize]
[HttpPost]
public IHttpActionResult Attend([FromBody] int gigId)
{
var attendance = new Attdendance
{
GigId = gigId,
AttendeeId = User.Identity.GetUserId()
};
_context.Attdendances.Add(attendance);
_context.SaveChanges();
return Ok();
}
My request looks like this http://prntscr.com/c8wz0b 我的请求看起来像http://prntscr.com/c8wz0b
I am using this advance Postman rest client http://prntscr.com/c8xafd 我正在使用这个先进的Postman休息客户端http://prntscr.com/c8xafd
How do I pass authorization in Postman? 我如何通过Postman授权?
EDIT 23/08/2016 I presume you are in cookie authentication with identity 编辑23/08/2016我假设您使用身份进行cookie身份验证
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
This is the default configuration with identity in Visual Studio. 这是Visual Studio中具有标识的默认配置。 I can argue why it is not a good option for security but that's not the point.
我可以说为什么它不是一个安全的好选择,但这不是重点。
You can go whit it in "postman" but it's tricky this is how I do it : 你可以在“邮递员”中使用它,但这很难处理我是这样做的:
Now your postman get the authentication cookie and you can request web api with [authorize] tag 现在您的邮递员获得身份验证cookie,您可以使用[authorize]标签请求web api
EDIT 编辑
For tool you have to add an authorization header. 对于工具,您必须添加授权标头。
Previous answer deleted 先前的答案删除
For Postman Windows App 4.6.0: 对于Postman Windows App 4.6.0:
In addition to the answer posted by Mathieu, I had to install interceptor extension for postman ( https://www.getpostman.com/docs/interceptor_cookies , https://www.getpostman.com/docs/capture ) to capture the cookies. 除了张贴马修的答案,我必须安装邮递员拦截扩展( https://www.getpostman.com/docs/interceptor_cookies , https://www.getpostman.com/docs/capture )来捕获饼干。 After that it worked.
之后它起作用了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.