chimera
I just published an update to Azure, but for some reason the header access-control-allow-headers
When using Azure Web App, for some reason I can't add the access-control-allow-headers header. I even tried using an ActionFilterAttribute OnActionExecuted. But that doesn't work.
1 replies
❔ Binding a DTO from route and body
I have been trying to do this for the last 5 years. I want to be able to send something like a put request with the route: 'api/user/{id}' and send a body with data to update like
{"username": "newUsername"}
and have an endpoint like this:
[HttpPut("{id}")]
public async Task<IActionResult> UpdateUser(UpdateUserDTO dto)
where the DTO would look like this:
public record UpdateUserDTO(int Id, string userName)
and just have it bind without having to accept the id as another parameter in the UpdateUser endpoint and then set it in the DTO. I have tried setting the [FromRoute] and [FromBody] both in the DTO class and in the UpdateUser parameters.
Really hope someone can shed some light on this.
6 replies
❔ Microsoft SSO is id_token secure, and can I use preferred Username as email?
So I have been struggling a lot with integrating Azure AD SSO. First I tried using the middleware but that conflicted with the existing username/password bearer setup. Then I tried finding a way to validate the token, but failed to validate the full token. Now I can validate the id_token that is sent to, but I am not sure if I can trust the preferred_username to always be an email, and never change?
2 replies
❔ Having trouble integrating Azure ad SSO and normal username/password
So I am trying to integrate Microsoft SSO into my .net 7 API. I basically want every endpoint to use my normal username/password except for a single endpoint, that should validate the SSO token.
My normal username/password scheme uses a JWT bearer, and since Microsoft SSO also uses this, the schemes collide, so I have given my username/password scheme a custom name. I am having trouble defining what endpoints should authenticate using my normal bearer scheme and what should validate using Microsoft SSO.
I've defined my authentication like this:
3 replies
❔ Validate an Azure ad token in .net 7
Hi, so I am trying to validate an Azure AD token coming from an SPA. My thinking is that I would want to validate the token and then issue my own token.
The reason I am not using the middleware AddMicrosoftIdentityWebApi is that it seems to break my normal username/password JWT validator, and I have some claims from our own database that are required to be in the JWT token as a claim, and it doesn't seem to be possible to do that with an Azure AD token.
I have tried this, but it just throws an "Object reference not set to an instance of an object." even though all the parameters are not null.
string token = "";
string myTenant = "<>";
var myAudience = "api://<>";
var myIssuer = "https://login.microsoftonline.com/<>/wsfed";
var mySecret = "<SECRET>";
var mySecurityKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(mySecret));
var stsDiscoveryEndpoint = String.Format(CultureInfo.InvariantCulture, "https://login.microsoftonline.com/{0}/.well-known/openid-configuration", myTenant);
var configManager = new ConfigurationManager<OpenIdConnectConfiguration>(stsDiscoveryEndpoint, new OpenIdConnectConfigurationRetriever());
var config = configManager.GetConfigurationAsync().Result;
var tokenHandler = new JwtSecurityTokenHandler();
var validationParameters = new TokenValidationParameters
{
    ValidAudience = myAudience,
    ValidIssuer = myIssuer,
    IssuerSigningKeys = config.SigningKeys,
    ValidateLifetime = false,
    IssuerSigningKey = mySecurityKey
};
SecurityToken validatedToken;
// Throws an Exception as the token is invalid (expired, invalid-formatted, etc.)
try
{
    tokenHandler.ValidateToken(token, validationParameters, out validatedToken).Dump();
}
catch (Exception ex)
{
    Console.WriteLine(ex.Message);
}
9 replies
❔ Designing an api that can create "fields" with different values
Hi, so I am creating a feature in my API where the user can create kind of a Form, and the user can create some fields with different value types. The field types are bool, string, date, decimal, and a list, where the important things are the name.
The thing I find difficult is how to store the different values in the best way.
I have several different thoughts, ranging from every field type having its own class, inheriting from one Field class with common properties, to just store it in one class type, and shoving every possible type in a string, and having an enum tell me what type it is, and just convert it back. This will make it hard to make any search meaningful however. Last thought I had is to have one class type and having it have a BoolValue, StringValue and so on.
I feel like there is some better OOP way to do this that I ain't seeing. This also needs to work with Entity Framework 🙂
29 replies