owin

问题 I have a self-hosted OWIN project that I'm trying to run. It is configured to listen on: http://localhost:8080 Whenever I try to access that URL I get an HTTP Error 503. The service is unavailable error. I have run netstat -a -b and made absolutely sure there's no other application running on port 8080. When I change the configuration to http://+:8080 the project works fine. So the only change is localhost to + . Now here's the weird things: I made sure all entries ( localhost:8080 or +:8080

问题 Having used a refresh token to get a new access token, I want to update my client side cookie with that access token. My client is able to sign in and call my REST API using ajax, however when that first authorization expires, naturally the API calls no longer work. I have a .NET web application which consumes its own REST API. The API is a part of the same project. It does not have its own startup configuration. As the cookie is being sent in the header of each request it needs to have the

问题 Having used a refresh token to get a new access token, I want to update my client side cookie with that access token. My client is able to sign in and call my REST API using ajax, however when that first authorization expires, naturally the API calls no longer work. I have a .NET web application which consumes its own REST API. The API is a part of the same project. It does not have its own startup configuration. As the cookie is being sent in the header of each request it needs to have the

问题 To grant or revoke access to my webapis, I use OAuth password- and tokenrefreshworkflow. If I understand everything correctly the workflow should be something like this: Authenticate with username / password / client id Retrieve accestoken, refreshtoken and expire date Start timeout in client to refresh your token after expired token time Go on with bullet 2 -> and so on.. The progress above works fine so far. My problem is, that I don't get the expire time out of the users principle after

问题 When trying to create a DataProtectionProvider manually I have stumbled upon the Microsoft documenation to DpapiDataProtectionProvider which says: Used to provide the data protection services that are derived from the Data Protection API. It is the best choice of data protection when you application is not hosted by ASP.NET and all processes are running as the same domain identity. A question suddenly arises: What is the best choice when your application IS hosted by ASP.NET? Searching

问题 When trying to create a DataProtectionProvider manually I have stumbled upon the Microsoft documenation to DpapiDataProtectionProvider which says: Used to provide the data protection services that are derived from the Data Protection API. It is the best choice of data protection when you application is not hosted by ASP.NET and all processes are running as the same domain identity. A question suddenly arises: What is the best choice when your application IS hosted by ASP.NET? Searching

问题 BackGround : User once logged in to the our Web Application (using App level credential) will be presented with with Mail System they want to use based on that user will be redirected to respective authorization server to authenticate (using login / password of their mail system) and the auth server will return an access token back. In Notification events like OnAuthorizationCodeReceivedAsync or OnAuthenticationFailedAsync; we are not getting ASP.NET_SessionId so having said that i am not

问题 I am using a Ninject DI in my web application with a bunch of technoligies from Asp.Net stack (MVC, Web Api 2, SignalR). I have managed to make DI work for all technologies in use with the following approach: public static class NinjectWebCommon { private static readonly Bootstrapper bootstrapper = new Bootstrapper(); /// <summary> /// Starts the application /// </summary> public static void Start() { DynamicModuleUtility.RegisterModule(typeof(OnePerRequestHttpModule)); DynamicModuleUtility

问题 I am using a c# self hosted OWIN server and have configured my application to use authorise with JWT as below. This works properly, and invalid tokens are rejected with a 401 Unauthorized and valid tokens are accepted. My question is how can I write a log of why requests are rejected. Was it expired? Was it the wrong audience? Was no token present? I want all failed requests to be logged, but I can't seem to find any example of how. public class Startup { public void Configuration(IAppBuilder

问题 I study external login strategies and the terminology confuses me. What's the relation between the following. Owin OauthWebSecurity OAuth 2.0 Owin Katana ASP.NET Identity 回答1: Owin Owin is no more than a specification. It stands for Open Web Interface for .Net. In very simplistic terms it is based in the idea that using a few language constructs (delegates and a dictionary) you can create a framework for handling web requests that is independent of where it is hosted (you can even run an