I have created an ASP.NET Web API and applied Authorize attribute to the API controller. Now, I want to test it using Postman but I am getting Authorization error.
Controller code is:
[Authorize]
[HttpPost]
public IHttpActionResult Attend([FromBody] int gigId)
{
var attendance = new Attdendance
{
GigId = gigId,
AttendeeId = User.Identity.GetUserId()
};
_context.Attdendances.Add(attendance);
_context.SaveChanges();
return Ok();
}
My request looks like this http://prntscr.com/c8wz0b
I am using this advance Postman rest client http://prntscr.com/c8xafd
How do I pass authorization in Postman?
You can pass auth details along with any request you send in Postman. Auth data can be included in the header, body, or as parameters to a request. If you enter your auth details in the Authorization tab, Postman will automatically populate the relevant parts of the request for your chosen auth type.
Web API provides a built-in authorization filter, AuthorizeAttribute. This filter checks whether the user is authenticated. If not, it returns HTTP status code 401 (Unauthorized), without invoking the action. You can apply the filter globally, at the controller level, or at the level of individual actions.
The ASP.NET Web API Framework provides a built-in authorization filter attribute i.e. AuthorizeAttribute and you can use this built-in filter attribute to checks whether the user is authenticated or not. If not, then it simply returns the HTTP status code 401 Unauthorized, without invoking the controller action method.
For Postman Windows App 4.6.0:
EDIT 23/08/2016 I presume you are in cookie authentication with identity
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
This is the default configuration with identity in Visual Studio. I can argue why it is not a good option for security but that's not the point.
You can go whit it in "postman" but it's tricky this is how I do it :
Now your postman get the authentication cookie and you can request web api with [authorize] tag
EDIT
For tool you have to add an authorization header.
screen shot
Previous answer deleted
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With