C# - ASP.NET Identity is null even though the token is sent
For my thesis project I have implemented token-based (bearer) authentication in my ASP.NET solution. I implemented it as described by Taiseer Joudeh (http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity).
The basic part is working correctly. I have a mobile client on which I can register a new user. I can log in and receive a token. When I make a request, the token is sent in the request header. That works fine. The problem is that I get a 401 Unauthorized error when I call an [Authorize] method, even if I send the token. So I removed the [Authorize] annotation to test a few things:
// Reads the current identity from four different places to see whether any of
// them carries the identity that the bearer token should have produced.
var z = user.identity;                                          // the controller's own user property
var t = thread.currentprincipal.identity;                       // principal attached to the current thread
var y = httpcontext.current.user.identity;                      // user on the System.Web request context
var x = request.getowincontext().authentication.user.identity;  // user held by the OWIN authentication manager
Here I always got the same identity: AuthenticationType=null; IsAuthenticated=false; Name=null; Claims: empty
// Authorization header exactly as it arrived on the request. Its presence shows
// that the client sent a token, not that anything validated it.
// The value is a credential: keep it out of logs and error responses.
var token = request.headers.authorization;
Here I get the right token, so the token is sent with the request.
I hope you can help me. I have the token but no identity.
Here are the relevant parts of my code. OAuthServiceProvider:
// Authorization-server provider behind the token endpoint: it decides which
// clients may ask for a token and which user credentials earn one.
// (Identifiers appear lowercased on this page; the base type is
// OAuthAuthorizationServerProvider from Microsoft.Owin.Security.OAuth.)
public class simpleauthorizationserverprovider : oauthauthorizationserverprovider
{
    // Marks every client as valid without looking at a client id or secret.
    // NOTE(review): this means any application can request tokens; acceptable
    // only if all clients are meant to be public. Confirm that is intended.
    public async override task validateclientauthentication(oauthvalidateclientauthenticationcontext context)
    {
        context.validated();
    }

    // post /token
    // Resource-owner password grant: checks the submitted user name and password
    // and, on success, issues an identity that becomes the access token.
    public override async task grantresourceownercredentials(oauthgrantresourceownercredentialscontext context)
    {
        // Lets a browser page from any origin read the token response.
        // NOTE(review): restrict to the known client origins where possible.
        context.owincontext.response.headers.add("access-control-allow-origin", new[] { "*" });

        var usermanager = dependencyresolver.current.getservice<usermanager<identityuser, int>>();

        // Returns null for an unknown user and for a wrong password alike.
        identityuser user = await usermanager.findasync(context.username, context.password);
        if (user == null)
        {
            // One message for both failure cases, so the response does not
            // reveal whether the user name exists.
            // NOTE(review): no lockout or throttling of failed attempts is visible
            // in this block; verify it is handled elsewhere.
            context.seterror("invalid_grant", "the user name or password incorrect.");
            return;
        }

        var identity = await usermanager.createidentityasync(user, context.options.authenticationtype);
        identity.addclaim(new claim("sub", context.username));
        // Every user gets the same fixed role value.
        // NOTE(review): the claim type is the literal "role"; role checks that
        // look for the ClaimTypes.Role claim type would not see it. Confirm.
        identity.addclaim(new claim("role", "user"));

        // Hands the identity to the middleware, which serialises it into the token.
        context.validated(identity);
    }
}
the controller method:
#region /user/:id
// GET action that loads the user with the given id and returns it mapped to
// usereditdto, or a not-found result when no such user exists.
// The route constraint only accepts integer ids of 1 or more.
// NOTE(review): no [authorize] attribute is present on this action as shown, so
// any caller can read any user by id. Once authentication works it needs to be
// restored, together with a check that the caller may read the requested id.
[httpget]
[route("{id:int:min(1)}")]
[responsetype(typeof(usereditdto))]
public async task<ihttpactionresult> getuser(int id)
{
    try
    {
        // tests
        // Diagnostic reads only: none of these values is used below.
        var z = user.identity;
        var t = thread.currentprincipal.identity;
        var y = httpcontext.current.user.identity;
        var x = request.getowincontext().authentication.user.identity;
        // Bearer credential from the header; keep it out of logs.
        var token = request.headers.authorization;

        user user = await _usermanager.findbyidasync(id);
        if (user == null)
        {
            return notfound();
        }

        // NOTE(review): the mapping is registered on every request; mapping
        // configuration is normally done once at startup.
        mapper.createmap<user, usereditdto>();
        return ok(mapper.map<usereditdto>(user));
    }
    catch (exception exception)
    {
        // Rethrows unchanged; the try/catch adds no handling of its own.
        throw;
    }
}
#endregion
the webapiconfig:
// Web API configuration: bearer-only authentication, attribute routing, CORS
// and the conventional default route.
public static class webapiconfig
{
    public static void register(httpconfiguration config)
    {
        // Discard any principal set by the host and authenticate requests only
        // through the OWIN middleware registered under the "bearer" type.
        // The filter does not validate tokens itself: it asks that middleware,
        // which therefore has to be in the pipeline ahead of Web API.
        config.suppressdefaulthostauthentication();
        config.filters.add(new hostauthenticationfilter("bearer"));

        config.maphttpattributeroutes();

        // CORS open to every origin, header and method.
        // NOTE(review): narrow this to the known client origins for production.
        var corsattr = new enablecorsattribute("*", "*", "*");
        config.enablecors(corsattr);

        config.routes.maphttproute(
            name: "defaultapi",
            routetemplate: "api/{controller}/{id}",
            defaults: new { id = routeparameter.optional }
        );
    }
}
startup:
// OWIN entry point: builds the Web API configuration and the middleware pipeline.
[assembly: owinstartup(typeof(startup))]
public class startup
{
    public void configuration(iappbuilder app)
    {
        httpconfiguration config = new httpconfiguration();

        // Unity container used as Web API's dependency resolver.
        var container = new unitycontainer();
        unityconfig.registercomponents(container);
        config.dependencyresolver = new unitydependencyresolver(container);
        //config.dependencyresolver = new unityhierarchicaldependencyresolver(container);

        webapiconfig.register(config);

        // NOTE: Web API is added to the pipeline before the OAuth middleware.
        // OWIN runs middleware in registration order, so a request reaches the
        // controllers before anything has turned its bearer token into an
        // identity. That matches the unauthenticated identity seen in the action.
        app.usewebapi(config);
        configureoauth(app);
    }

    // Registers the bearer-token validation middleware and the token endpoint.
    public void configureoauth(iappbuilder app)
    {
        oauthauthorizationserveroptions oauthserveroptions = new oauthauthorizationserveroptions()
        {
            // Allows token requests over plain HTTP, which exposes passwords and
            // tokens on the wire. Development only; disable wherever TLS is available.
            allowinsecurehttp = true,
            tokenendpointpath = new pathstring("/token"),
            // An issued token stays usable for a full day.
            // NOTE(review): no revocation or refresh mechanism is visible here.
            accesstokenexpiretimespan = timespan.fromdays(1),
            provider = new simpleauthorizationserverprovider()
        };

        // token generation
        // First call: validates bearer tokens on incoming requests.
        // Second call: serves the token endpoint configured above.
        app.useoauthbearerauthentication(new oauthbearerauthenticationoptions());
        app.useoauthauthorizationserver(oauthserveroptions);
    }
}
I finally found the problem. It was so simple that I can't believe I spent more than a week solving it.
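The problem was in Startup. I had to call ConfigureOAuth(app);
before app.UseWebApi(config);
OWIN middleware runs in the order in which it is registered, so the bearer-token middleware has to be added before Web API for the identity to be set by the time the controller runs. The correct Startup therefore looks like this: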
// OWIN entry point: builds the Web API configuration and the middleware pipeline.
[assembly: owinstartup(typeof(startup))]
public class startup
{
    public void configuration(iappbuilder app)
    {
        httpconfiguration config = new httpconfiguration();

        // Unity container used as Web API's dependency resolver.
        var container = new unitycontainer();
        unityconfig.registercomponents(container);
        config.dependencyresolver = new unitydependencyresolver(container);
        //config.dependencyresolver = new unityhierarchicaldependencyresolver(container);

        webapiconfig.register(config);

        // Order matters: the OAuth middleware is registered first, so the bearer
        // token is turned into an identity before Web API handles the request.
        configureoauth(app);
        app.usewebapi(config);
    }

    // Registers the bearer-token validation middleware and the token endpoint.
    public void configureoauth(iappbuilder app)
    {
        oauthauthorizationserveroptions oauthserveroptions = new oauthauthorizationserveroptions()
        {
            // Allows token requests over plain HTTP, which exposes passwords and
            // tokens on the wire. Development only; disable wherever TLS is available.
            allowinsecurehttp = true,
            tokenendpointpath = new pathstring("/token"),
            // An issued token stays usable for a full day.
            // NOTE(review): no revocation or refresh mechanism is visible here.
            accesstokenexpiretimespan = timespan.fromdays(1),
            provider = new simpleauthorizationserverprovider()
        };

        // token generation
        // First call: validates bearer tokens on incoming requests.
        // Second call: serves the token endpoint configured above.
        app.useoauthbearerauthentication(new oauthbearerauthenticationoptions());
        app.useoauthauthorizationserver(oauthserveroptions);
    }
}