发表新帖
发表新帖

ASP.NET Web API Authorization with Postman

前端 未结
关注
3 1210
小鲜肉
小鲜肉 2021-02-04 14:26

I have created an ASP.NET Web API and applied Authorize attribute to the API controller. Now, I want to test it using Postman but I am getting Authorization error.

Contr

相关标签:
3条回答
  • 爱一瞬间的悲伤
    2021-02-04 14:54

    For Postman Windows App 4.6.0:

    1. Select your request from your request collection
    2. Go to the "Authorization" tab
    3. Choose an appropriate "Type", e.g. "Basic Auth"
    4. Enter "Username" and "Password"
    5. Click "Update Request"
    0 讨论(0)
  • 名媛妹妹
    2021-02-04 14:59

    EDIT 23/08/2016 I presume you are in cookie authentication with identity

    // Enable the application to use a cookie to store information for the signed in user
            // and to use a cookie to temporarily store information about a user logging in with a third party login provider
            // Configure the sign in cookie
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login"),
                Provider = new CookieAuthenticationProvider
                {
                    // Enables the application to validate the security stamp when the user logs in.
                    // This is a security feature which is used when you change a password or add an external login to your account.  
                    OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                        validateInterval: TimeSpan.FromMinutes(30),
                        regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
                }
            });

    This is the default configuration with identity in Visual Studio. I can argue why it is not a good option for security but that's not the point.

    You can go whit it in "postman" but it's tricky this is how I do it :

    1. Make a request over your login page :
    2. Get the anti forgery token in the form :
    3. Make a post request on login page with this post params in data form :

    Now your postman get the authentication cookie and you can request web api with [authorize] tag

    EDIT

    For tool you have to add an authorization header.

    • Go in the Headers form
    • Add the HTTP header "authorization"
    • Click on the edit button et voilà ;)

    screen shot

    Previous answer deleted

    0 讨论(0)
  • 挽巷
    2021-02-04 15:03

    In addition to the answer posted by Mathieu, I had to install interceptor extension for postman (https://www.getpostman.com/docs/interceptor_cookies, https://www.getpostman.com/docs/capture) to capture the cookies. After that it worked.

    0 讨论(0)
 看不清?
提交回复
热议问题