bearer-token

I'am working on a REST API. Therefore I prepared a function which sends the authentication data via curl to the REST Server. I've implemented two authentication options. The first is Basic Authentication, the second is authentication via token (Bearer). Now, i'am in trobles, because at the REST Server, the POST Data is not received by the REST Server in case of authentication via token. The authentication itself is working, but the POST Data is going to be lost. In case of authentication via Basis Authentication, the POST Data will be received by the REST Server, no problem. private function

I am creating a Web Api application and I want to use bearer tokens for the user authentication. I implemented the token logic, following this post and everything seems to work fine. NOTE: I am not using the ASP.NET Identity Provider. Instead I have created a custom User entity and services for it. public class Startup { public void Configuration(IAppBuilder app) { ConfigureOAuth(app); var config = new HttpConfiguration(); var container = DependancyConfig.Register(); var dependencyResolver = new AutofacWebApiDependencyResolver(container); config.DependencyResolver = dependencyResolver; app

I'm using ASP.NET Core 2.0 application (Web API) as a JWT issuer to generate a token consumable by a mobile app. Unfortunately, this token couldn't be validated by one controller while can be validated by another (using the same validation setting within the same asp.net core 2.0 app). So I have a token which is valid and could be decoded, has all the required claims and timestamps. But one endpoint accepts it, while another gives me 401 error and debug output: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService:Information: Authorization failed for user: (null). [40m[32minfo[39m

I'm using ExchangeUserCredentialForToken function to get the token from the Authorization server. It's working fine when my user exists in my databas, but when the credentials are incorect I would like to send back a message to the client. I'm using the following 2 lines of code to set the error message: context.SetError("Autorization Error", "The username or password is incorrect!"); context.Rejected(); But on the client side I'm getting only protocol error (error 400). Can you help me how can I get the error message set on the server side on the authorization server? The full app config from

I'm making an authorization system in PHP , and I came across this Bearer scheme of passing JWT tokens, I read RFC 6750 . I've got the following doubts: How is this improving the security? The server responses the client with a JWT token in its body after a successful authorization and login, and now when the client makes another request, I am not clear how to actually do that, I want to send token from client in Authorization header in the request, so now should I just prefix "Bearer" to the token which I received in the previous response from the server and If yes, then server on receiving

I thought I had a pretty simple goal in mind when I set out a day ago to implement a self-contained bearer auth webapi on .NET core 2.0, but I have yet to get anything remotely working. Here's a list of what I'm trying to do: Implement a bearer token protected webapi Issue tokens & refresh tokens from an endpoint in the same project Use the [Authorize] attribute to control access to api surface Not use ASP.Net Identity (I have much lighter weight user/membership reqs) I'm totally fine with building identity/claims/principal in login and adding that to request context, but I've not seen a

I have an MVC 5 web application and can login with a Login.cshtml page and get a cookie and the login works fine. But, I would like to do a login with the Web API and then (maybe) set a cookie so that I am logged in for my MVC pages... (or login with the MVC login and then access the Web API) however the web api returns a bearer token and not a cookie token... so this doesn't work. Is there a way to combine the use of authentication both for my MVC pages and for my Web API pages? UPDATE: This isn't really a code issue, more of a conceptual issue. Normal MVC web pages examine a cookie named, by