I have used the default web application template for ASP.NET Core and created an application (http://localhost:xxxx/).

Now I have added a new Web API controller with the path api/test and a default GET method that returns a test string array, and have decorated the API with the Authorize attribute.

Now I have run the application and logged in with a registered user.

I opened Fiddler and tried to access the Web API (http://localhost:xxxx/api/test/).

But it's redirecting me to the login page. I have tried using the cookie authentication too, but I am still not able to access the Web API. Am I missing something here?

[Route("api/test")] 
[Authorize] 
public class TestController : Controller 
{
    [HttpGet]
    public IEnumerable<string> Get() 
    { 
        return new string[] { "value1", "value2" }; 
    } 
}
Teja
  • Please share some source code – David Pine May 05 '16 at 12:01
  • Hi David, as I mentioned above, I just created a web application using the default template provided, then added a controller. Here is the code below. [Route("api/test")] [Authorize] public class TestController : Controller { [HttpGet] public IEnumerable<string> Get() { return new string[] { "value1", "value2" }; } } Now I have registered a user and logged in to the application using that user. I tried to open a new window or open Fiddler and tried to access the method on the controller http://localhost:xxxx/api/test/. – Teja May 07 '16 at 19:05
  • I am basically trying to run 2 applications; the first application acts as Idsrv. So when I run the 2nd application it redirects me to the first app and presents me the login screen. I log in and then it puts me back to the 2nd app. Now when I try to access a protected resource on the Idsrv or the first application, it again tries to put me in the login screen. I would ideally love it to let me access the protected resource. – Teja May 07 '16 at 19:18

1 Answer

When you log in from the browser, the browser itself will manage the cookie and use it as part of each subsequent request to the server -- even though you're local this is still the same workflow. You have specified that your entire class is to be accessible only to authorized requests; this means that it will redirect to the login screen if the request doesn't have the correct cookie.

Am I missing something here?

Yes, you're missing that Fiddler doesn't know what cookie to use and it's disassociated from the browser. You must instruct Fiddler to use the cookie for its request as explained here.

David Pine
  • Hi Dave, thanks for the help. I understood the Fiddler part of it needing a cookie. But in the flow where 2 applications are talking, the first controller accessed does not have the Authorize attribute. It checks internally and redirects to the login screen, and after authentication generates a token and redirects to APP 1. A subsequent call to a controller with the Authorize attribute puts me back in the login screen. But if I do the same with pre-logging in to the Idsrv and open a tab in the same browser and repeat the same steps, I am able to log in and access the controller. – Teja May 10 '16 at 16:12
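
The behaviour the answer describes, as an added example that is not part of the original question or answer: a small Python model (not ASP.NET Core code) of a cookie-protected GET /api/test, showing that the server authenticates whatever request carries a valid cookie and redirects every other request to the login page. The cookie name, the login path with its ReturnUrl parameter, the signing key and the user name are assumptions made for the illustration.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie
from urllib.parse import quote
from wsgiref.util import setup_testing_defaults

COOKIE = ".AspNetCore.Identity.Application"  # assumed auth cookie name
LOGIN_PATH = "/Account/Login"                # assumed login page path
KEY = b"constructed-demo-key"                # constructed stand-in for the server's key

def issue_cookie(user):
    """What the login page hands the browser: the user name plus an HMAC tag."""
    tag = hmac.new(KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{tag}"

def authenticated_user(environ):
    """Return the user named by a valid auth cookie, or None."""
    jar = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    if COOKIE not in jar:
        return None
    user, _, tag = jar[COOKIE].value.rpartition(".")
    expected = hmac.new(KEY, user.encode(), hashlib.sha256).hexdigest()
    return user if user and hmac.compare_digest(tag, expected) else None

def app(environ, start_response):
    """Model of GET /api/test behind [Authorize] with cookie authentication."""
    if authenticated_user(environ) is None:
        target = f"{LOGIN_PATH}?ReturnUrl={quote(environ['PATH_INFO'], safe='')}"
        start_response("302 Found", [("Location", target)])
        return [b""]
    start_response("200 OK", [("Content-Type", "application/json")])
    return [b'["value1","value2"]']

def request(path, cookie=None):
    """Send one GET as a non-browser client: no cookie unless one is supplied."""
    environ = {"PATH_INFO": path, "REQUEST_METHOD": "GET"}
    setup_testing_defaults(environ)
    if cookie is not None:
        environ["HTTP_COOKIE"] = f"{COOKIE}={cookie}"
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"].get("Location"), body

if __name__ == "__main__":
    session = issue_cookie("demo-user")  # what the browser holds after login
    for cookie in (None, session, session[:-1] + "x"):
        print(request("/api/test/", cookie))
```

Because the cookie alone is what authenticates the request, it should be handled like a password when copied between tools.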