ASP.NET Web API Authorization with Postman

Question

I have created an ASP.NET Web API and applied Authorize attribute to the API controller. Now, I want to test it using Postman but I am getting Authorization error.

Controller code is:

[Authorize]
[HttpPost]
public IHttpActionResult Attend([FromBody] int gigId)
{
    var attendance = new Attdendance
    {
        GigId =  gigId,
        AttendeeId = User.Identity.GetUserId()
    };

    _context.Attdendances.Add(attendance);
    _context.SaveChanges();
    return Ok();
}

My request looks like this http://prntscr.com/c8wz0b

I am using this advance Postman rest client http://prntscr.com/c8xafd

How do I pass authorization in Postman?

Answer 1

For Postman Windows App 4.6.0:

1. Select your request from your request collection
2. Go to the "Authorization" tab
3. Choose an appropriate "Type", e.g. "Basic Auth"
4. Enter "Username" and "Password"
5. Click "Update Request"

Answer 2

EDIT 23/08/2016 I presume you are in cookie authentication with identity

// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login"),
    Provider = new CookieAuthenticationProvider
    {
        // Enables the application to validate the security stamp when the user logs in.
        // This is a security feature which is used when you change a password or add an external login to your account.  
        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
            validateInterval: TimeSpan.FromMinutes(30),
            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
    }
});

This is the default configuration with identity in Visual Studio. I can argue why it is not a good option for security but that's not the point.

You can go whit it in "postman" but it's tricky this is how I do it :

1. Make a request over your login page :

2. Get the anti forgery token in the form :

3. Make a post request on login page with this post params in data form :

Now your postman get the authentication cookie and you can request web api with [authorize] tag

EDIT

For tool you have to add an authorization header.

• Go in the Headers form
• Add the HTTP header "authorization"
• Click on the edit button et voilà ;)

screen shot

Previous answer deleted