用户通过身份验证时调用Web Api方法

Question

I am having a problem calling a Web Api method when user is authenticated.

The fact is that when I call a Web Api method when user is authenticated, it is not recorgnized.

Formerly, I had problem with Logout method in AccountController. I solved it by using AllowAnonymous attribute.

However, now I am facing the same problem with ChangePassword method. I cannot add AllowAnonymous attribute in this case because when I do that I cannot retrieve the logged in user Id.

If I don't add AllowAnonymous attribute, system throws a forbidden error.

I am stuck here.... how can I solve it?

For instance, this is ChangePassword method in AccountController:

    // POST api/Account/ChangePassword
    [Route("ChangePassword")]
    public async Task<IHttpActionResult> ChangePassword(ChangePasswordBindingModel model)
    {
        if (!ModelState.IsValid)
        {
            // return BadRequest(ModelState);
            return Json(GetModelErrorMessages());
        }

        try
        {
            IdentityResult result = await UserManager.ChangePasswordAsync(User.Identity.GetUserId(), model.OldPassword,
                model.NewPassword);

            if (!result.Succeeded)
            {
                return GetErrorResult(result);
            }
        }
        catch(Exception ex)
        {

        }

        return Ok();
    }

Thanks Jaime

Answer 1

Problem was due because i was not sending a bearer token with the request.

            var tokenKey = 'accessToken';
            var token = sessionStorage.getItem(tokenKey);
            var headers = {};
            if (token) {
                headers.Authorization = 'Bearer ' + token;
            }

            $.ajax({
                type: 'POST',
                url: "/api/Account/ChangePassword",
                data: JSON.stringify(data),
                headers: headers,
                contentType: 'application/json; charset=utf-8'
            })

Now it works.

Regards

Jaime