آزمایش Web APIs توسط Postman - قسمت ششم - اعتبارسنجی مبتنی بر JWT
نویسنده: وحید نصیری
تاریخ: ۱۳۹۸/۰۲/۲۲ ۱۹:۲۰
آدرس: www.dntips.ir
| مطالب | ۳۶۹۴ |
| نویسندگان | ۲۷۶ |
| گروههای مطالب | ۱۰۲۴ |
| نقشههای راه | ۱۱۹ |
| دورهها | ۱۴ |
| اشتراکها | ۱۷۹۱۴ |
{
"username": "Vahid",
"password": "12345"
}
var jsonData = pm.response.json();
pm.globals.set("access_token", jsonData.access_token);
pm.globals.set("refresh_token", jsonData.refresh_token);
var jsonData = pm.response.json();
pm.globals.set("access_token", jsonData.access_token);
pm.globals.set("refresh_token", jsonData.refresh_token);
pm.globals.set('XSRF-TOKEN', pm.cookies.get('XSRF-TOKEN'));
var jsonData = pm.response.json();
pm.globals.set("access_token", jsonData.access_token);
pm.globals.set("refresh_token", jsonData.refresh_token);
pm.globals.set('XSRF-TOKEN', pm.cookies.get('XSRF-TOKEN'));
The collection type 'Newtonsoft.Json.Linq.JToken' is not supported
[HttpPost("[action]")]
public async Task<IActionResult> RefreshToken([FromBody]JToken jsonBody)
{
var refreshTokenValue = jsonBody.Value<string>("refreshToken"); public class Token
{
[JsonPropertyName("refreshToken")]
public string RefreshToken { get; set; }
}
public async Task<IActionResult> RefreshToken([FromBody]Token model) public void ConfigureServices(IServiceCollection services)
{
// بقیه کدها جهت سهولت در خوانایی حذف شده اسند
services.AddAntiforgery(opt =>
{
opt.Cookie.Name = ".Middleware.Antiforgery";
opt.HeaderName = "X-XSRF-TOKEN";
opt.SuppressXFrameOptionsHeader = false;
});
} var loginUrl = new RestClient("https://XXXXXXXXXXXX/account/login");
var loginRequest = new RestRequest(Method.POST);
loginRequest.AddJsonBody(new { Username = txtUsername.Text, Password = txtPassword.Text });
var loginResponse = loginUrl.Execute(loginRequest);
var loginContent = JToken.Parse(loginResponse.Content);
var loginCookies = loginResponse.Cookies;
var antiforgerytokeCookie = loginCookies[1].Value;
_accessToken = loginContent.Value<string>("access_token");
var authenticateUrl = new RestClient("https://XXXXXXXXXXXX/account/ad/authenticate");
var authRequest = new RestRequest(Method.POST);
authRequest.AddHeader("X-XSRF-TOKEN", antiforgerytokeCookie);
authRequest.AddHeader("Authorization", "Bearer " + _accessToken);
var authResponse = authenticateUrl.Execute(authRequest);
var infoContent = authResponse.Content; $.ajax('http://someotherdomain.com', {
method: 'POST',
contentType: 'text/plain',
data: 'sometext',
beforeSend: function(xmlHttpRequest) {
xmlHttpRequest.withCredentials = true;
}
}); var httpContext = _contextAccessor.HttpContext;
httpContext.User = new ClaimsPrincipal(new ClaimsIdentity(claims, JwtBearerDefaults.AuthenticationScheme));
var tokens = _antiforgery.GetAndStoreTokens(httpContext);
httpContext.Response.Cookies.Append(
key: XsrfTokenKey,
value: tokens.RequestToken,
options: new CookieOptions
{
SameSite = SameSiteMode.Unspecified,
IsEssential = true,
Secure = httpContext.Request.IsHttps,
HttpOnly = false // Now JavaScript is able to read the cookie
}); options.Cookie.Domain = ".contoso.com";