DualAuthCore icon indicating copy to clipboard operation
DualAuthCore copied to clipboard

Published 20 hours ago verified publisher icon shawnwildermuth

Using Default Identity Code in Browser

Open kevinskrei opened this issue 4 years ago • 5 comments

Hi, was the intention of the project to allow one to use the default identity code and still sign in via the browser? I have a very similar project setup with JWT auth and can successfully hit a controller action with the Authorization filter [Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]. However, when I try to login to the DualAuthCore project via the browser and hit the ProtectedController with [Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)] or the JwtBearerDefaults.AuthenticationScheme I get a 404. It's the same behavior as my project.

Is this something that should work in this project and broke? Or Is this something I should be able to do with the default identity code or modify it? Or is it possible simply in the startup config?

Thank you

kevinskrei avatar Dec 14 '20 02:12 kevinskrei

This is an example, not a library. It shouldn't be 404 in either case. Any chance you have something else wrong? Can you fork the code and see if it works (or show me the fork)?

shawnwildermuth avatar Dec 14 '20 04:12 shawnwildermuth

This is an example, not a library. It shouldn't be 404 in either case. Any chance you have something else wrong? Can you fork the code and see if it works (or show me the fork)?

I am trying to do something similar. MVC has it's part and WebAPI has it's part. In your example, even though cookies & JWT is configured, it fails with a 401 when calling the /api/customers because the token is not going in the header. Since this is a sample may be you forgot to add that part? (Request the token and submit it for every WebAPI call) ?

mkgn avatar Apr 26 '21 15:04 mkgn

Are you using ASP.NET or ASP.NET Core?

shawnwildermuth avatar Apr 26 '21 19:04 shawnwildermuth

ASP.Net Core with .Net 5.0

Will you be able to update your example to give a full walk-through? Like what you have now + a JWT auth API end point with a sample anon API & Authorization required API with may be a refresh token support?

Lot of questions are out there for this but lacks a good working example. If you can have a full example focusing this dual-auth that would be great

Thanks,

On Tue, Apr 27, 2021 at 1:04 AM Shawn Wildermuth @.***> wrote:

Are you using ASP.NET or ASP.NET Core?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/shawnwildermuth/DualAuthCore/issues/10#issuecomment-827091746, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACAA7E2HEKULYKWZ43AU6BLTKW56DANCNFSM4U2BAZFA .

mkgn avatar Apr 27 '21 05:04 mkgn

I likely won't have time to do a full sliding token example, but the magic can be that you use a sliding token expiration which means on every authenticated call, you can return a header with a new token (with a new expiration).

shawnwildermuth avatar Apr 27 '21 05:04 shawnwildermuth