asp.net - Error 401 Unauthorized. How to Use the same token for different Urls? -


in asp.net identity using oauth2 token created once user authenticated posting user , password.

before making call action 1 api, user must ask token:

http://mysite/auth/token

once token received, web api calls can done, sending the

authorization: bearer <token> header: 

get http://mysite/auth/product/1 put http://mysite/auth/client/42

i have several web apis use centralised security system authentication, problem receive unauthorizaed (401) when try call different api (with different url). example:

get http://mysite/myapi/product/1

if security centralised , both apis using same users database authentication, how can use same token different urls?

finally found solution adding same machinekey tag in both web.config files:

<system.web> ... <machinekey validationkey="57b449bba8f9e656087ff7848727e122c5f5966f65ac0fc25fb3532193b59cfcd13b370883ffc184c1f1500638f33e6f67b37caed1d9bc65bbc6cffb232bfd0b" decryptionkey="6d9fbe88d16b3fa5b5e6b37460bbe50da85d5b4c482159006b5a337c58aa9e79" validation="sha1" decryption="aes" /> ... </system.web>

as suggested on accepted answer here using machinekey generator.

from documentation:

sharing authentication tickets across applications
if need single logon work across multiple applications located in separate virtual directories, need share common authentication ticket. configure common authentication ticket, must manually generate validationkey , decryptionkey values , ensure each application shares these values. if want share tickets across applications on server can set these manual values on element in machine level web.config file. share tickets across specific applications, can use element common validationkey , decryptionkey values in relevant application's web.config files.

updated - security warning

security warning

there many web sites generate element click of button. never use element obtained 1 of these sites. impossible know whether these keys created securely or if being recorded secret database. should ever use configuration elements created yourself.

read appendix on link know how generate own machinekey element.


Comments

Post a Comment

Popular posts from this blog

javascript - Jquery show_hide, what to add in order to make the page scroll to the bottom of the hidden field once button is clicked -

i have button on website when clicked, reveals map. button can seen when page first loads up, when clicked, section holding map slides open , goes out of screen since page loads @ top (normal). want page scroll down bottom of div select when button pushed, if map out of screen. if page scrolled down, , clicks show map button, don't want page jump bottom of map. i tried figure out myself, no luck. seasoned jquery coders able give me guidance? many thanks! map = mapdiv.gmap3("get"); infobox = new infobox({ pixeloffset: new google.maps.size(-220, -310), closeboxurl: '', enableeventpropagation: true }); mapdiv.delegate('.infobox .close','click',function () { infobox.close(); }); jquery(".slidingdiv").hide(); jquery(".show_hide").show(); jquery('.show_hide').click(function(){ lastcenter=map.getcenter(); jquery(".slidingdiv&quo
Read more

javascript - Highcharts multi-color line -

Image
i looking create highchart multi-colored line. if goes down under value, become red, , when comes on value, become green . here picture example: or maybe highcharts have other charts models differentiate high or low level color? you can achieve coloring using lineargradient coloring: color: { lineargradient: { x1: 0, x2: 0, y1: 0, y2: 1 }, stops: [ [0, 'red'], [0.25, 'yellow'], [0.50, 'green'], [0.75, 'yellow'], [1, 'red'] ] } here 0 in stops relates minimum value of series , 1 maximum value, , in between percentages between values. if find percentages according values prior creating chart use correct stops values make relate specific values in data (at least approximately). see this jsfiddle example .
Read more

javascript - Enter key does not work in search box -

tried search guys sorry. input in search box doesnt work (or search) when hit enter when user clicks search button. doing wrong? here code. thanks. <script type="text/javascript"> $(document).ready(function() { $("#submit").click(function() { var url = "http://asla.org/awardssearch.html"; url += "?s=" + $('#googlecse').val(); window.location = url; }); $('#googlecse').keydown(function(event) { if (event.keycode == '13') { $("#submit").click(); } else { //do nothing :) } }); }); </script> <form class="navbar-form navbar-right" role="search"> <div class="search"> <input id="googlecse" type="text" onblur="if(this.value=='')this.value=this.defaultvalue;" onfocus="if(this.value==this.defaultvalue)t
Read more