owin

问题 For at least a couple of years, I've been using code similar to this in my MVC solutions... [Authorize] public class HomeController : Controller { [HttpGet] public ActionResult Index() { .......... Then in my Authentication code myAuthenticationProperties = new Microsoft.Owin.Security.AuthenticationProperties(); myAuthenticationProperties.AllowRefresh = true; myAuthenticationProperties.ExpiresUtc = DateTime.UtcNow.AddMinutes(60); myAuthenticationManager.SignIn(myAuthenticationProperties,

问题 For at least a couple of years, I've been using code similar to this in my MVC solutions... [Authorize] public class HomeController : Controller { [HttpGet] public ActionResult Index() { .......... Then in my Authentication code myAuthenticationProperties = new Microsoft.Owin.Security.AuthenticationProperties(); myAuthenticationProperties.AllowRefresh = true; myAuthenticationProperties.ExpiresUtc = DateTime.UtcNow.AddMinutes(60); myAuthenticationManager.SignIn(myAuthenticationProperties,

问题 I was trying to implement OWIN WS Federation in an existing application. It's a web application in asp .net VB. I have added all the references from the Nugetpackages List of refernces added Then I added the startup class in 2 files as a Partial class. StartupAuth.vb: Imports System.Configuration Imports System.Globalization Imports System.Threading.Tasks Imports Microsoft.Owin.Extensions Imports Microsoft.Owin.Security Imports Microsoft.Owin.Security.Cookies Imports Microsoft.Owin.Security

问题 I was trying to implement OWIN WS Federation in an existing application. It's a web application in asp .net VB. I have added all the references from the Nugetpackages List of refernces added Then I added the startup class in 2 files as a Partial class. StartupAuth.vb: Imports System.Configuration Imports System.Globalization Imports System.Threading.Tasks Imports Microsoft.Owin.Extensions Imports Microsoft.Owin.Security Imports Microsoft.Owin.Security.Cookies Imports Microsoft.Owin.Security

问题 We have implemented Owin authentication in C# without refresh token, however, until recently we started facing token expiry issue on user interface, we have kept token expiry as 20 mins, now we need to get rid of this issue, so, we thought of two solution. First solution is to add a validation before every api call whether the token is going to expire, if it is then generate a new access token using refresh token. Second solution is to add a custom logic on client side where it will keep on

问题 I am using UseOpenIdConnectAuthentication to authenticate users. My application code works fine locally. But, when I run it on Azure, the SecurityTokenValidated event is never fired. Consequently, the code runs fine but the user is never authenticated. I am not sure if the issue is with my code or with Azure. This is being used in a Web Form, Asp.net application (not Core). I use the Azure trace feature to log. I can see that only "RedirectToIdentityProvider" is fired. No other event gets

问题 I am using UseOpenIdConnectAuthentication to authenticate users. My application code works fine locally. But, when I run it on Azure, the SecurityTokenValidated event is never fired. Consequently, the code runs fine but the user is never authenticated. I am not sure if the issue is with my code or with Azure. This is being used in a Web Form, Asp.net application (not Core). I use the Azure trace feature to log. I can see that only "RedirectToIdentityProvider" is fired. No other event gets

问题 I'm looking for a way to dynamically generate web apis and add them at runtime (after selfhosted server has been initialized). Basically the idea would be to: 1. Create a selfhost owin server serving static/already defined controllers (web apis) -> this part is ok At a later time, I want to dynamically generate a new controller and add it somehow to the server so that client can send request to it. -> is there a way to do that? I know I can dynamically build a controller and add it to the

问题 I use an external provider in order to authenticate user in my ASP.NET MVC app without any problem. However, I also need to authorize users in order to prevent them from direct access or expired access (session for 2 min). I had used ASP.NET Identity before, but this time I do not need to keep neither users nor roles on the table and for this reason I need a quick and good workaround for this problem. So, how can I prevent a user accessing the In dex page of my app without authenticating by

问题 I'm trying to implement OAuth Bearer Authentication with Owin. When an invalid or expired token is passed, the default implementation is to log this as a warning and just don't set an Identity. I however would like to reject the whole request with an error in this case. But how would I do this? After digging through the code I found out that in OAuthBearerAuthenticationHandler it will parse the token using a fallback mechanism when the provided AuthenticationTokenProvider did not parse any