Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ASP.NET Web API Authorization with Postman

I have created an ASP.NET Web API and applied Authorize attribute to the API controller. Now, I want to test it using Postman but I am getting Authorization error.

Controller code is:

[Authorize]
[HttpPost]
public IHttpActionResult Attend([FromBody] int gigId)
{
    var attendance = new Attdendance
    {
        GigId =  gigId,
        AttendeeId = User.Identity.GetUserId()
    };

    _context.Attdendances.Add(attendance);
    _context.SaveChanges();
    return Ok();
}

My request looks like this http://prntscr.com/c8wz0b

I am using this advance Postman rest client http://prntscr.com/c8xafd

How do I pass authorization in Postman?

like image 789
Asif Hameed Avatar asked Aug 22 '16 13:08

Asif Hameed


People also ask

How do I authenticate Web API in Postman?

You can pass auth details along with any request you send in Postman. Auth data can be included in the header, body, or as parameters to a request. If you enter your auth details in the Authorization tab, Postman will automatically populate the relevant parts of the request for your chosen auth type.

How do I authorize ASP.NET Web API?

Web API provides a built-in authorization filter, AuthorizeAttribute. This filter checks whether the user is authenticated. If not, it returns HTTP status code 401 (Unauthorized), without invoking the action. You can apply the filter globally, at the controller level, or at the level of individual actions.

How do I authenticate and authorize in Web API?

The ASP.NET Web API Framework provides a built-in authorization filter attribute i.e. AuthorizeAttribute and you can use this built-in filter attribute to checks whether the user is authenticated or not. If not, then it simply returns the HTTP status code 401 Unauthorized, without invoking the controller action method.


2 Answers

For Postman Windows App 4.6.0:

  1. Select your request from your request collection
  2. Go to the "Authorization" tab
  3. Choose an appropriate "Type", e.g. "Basic Auth"
  4. Enter "Username" and "Password"
  5. Click "Update Request"
like image 131
Georg Patscheider Avatar answered Sep 18 '22 11:09

Georg Patscheider


EDIT 23/08/2016 I presume you are in cookie authentication with identity

// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    Provider = new CookieAuthenticationProvider
    {
        // Enables the application to validate the security stamp when the user logs in.
        // This is a security feature which is used when you change a password or add an external login to your account.  
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
            validateInterval: TimeSpan.FromMinutes(30),
            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
    }
});

This is the default configuration with identity in Visual Studio. I can argue why it is not a good option for security but that's not the point.

You can go whit it in "postman" but it's tricky this is how I do it :

  1. Make a request over your login page :

enter image description here

  1. Get the anti forgery token in the form :

enter image description here

  1. Make a post request on login page with this post params in data form :

enter image description here

Now your postman get the authentication cookie and you can request web api with [authorize] tag

EDIT

For tool you have to add an authorization header.

  • Go in the Headers form
  • Add the HTTP header "authorization"
  • Click on the edit button et voilà ;)

screen shot

Previous answer deleted

like image 45
Mathieu Avatar answered Sep 21 '22 11:09

Mathieu