shawnwildermuth / DualAuthCore

An example of using Dual Authorization in ASP.NET Core 2
Apache License 2.0
101 stars 39 forks

Using Default Identity Code in Browser #10

Open kevinskrei opened 3 years ago

kevinskrei commented 3 years ago

Hi, was the intention of the project to allow one to use the default identity code and still sign in via the browser? I have a very similar project setup with JWT auth and can successfully hit a controller action with the Authorization filter `[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]`. However, when I try to log in to the DualAuthCore project via the browser and hit the ProtectedController with `[Authorize(AuthenticationSchemes = CookieAuthenticationDefaults.AuthenticationScheme)]` or the `JwtBearerDefaults.AuthenticationScheme`, I get a 404. It's the same behavior as my project.

Is this something that should work in this project and broke? Or is this something I should be able to do with the default identity code or modify it? Or is it possible simply in the startup config?

Thank you

shawnwildermuth commented 3 years ago

This is an example, not a library. It shouldn't be 404 in either case. Any chance you have something else wrong? Can you fork the code and see if it works (or show me the fork)?

mkgn commented 3 years ago

> This is an example, not a library. It shouldn't be 404 in either case. Any chance you have something else wrong? Can you fork the code and see if it works (or show me the fork)?

I am trying to do something similar. MVC has its part and WebAPI has its part. In your example, even though cookies & JWT are configured, it fails with a 401 when calling the /api/customers because the token is not going in the header. Since this is a sample, maybe you forgot to add that part? (Request the token and submit it for every WebAPI call?)

shawnwildermuth commented 3 years ago

Are you using ASP.NET or ASP.NET Core?

mkgn commented 3 years ago

ASP.NET Core with .NET 5.0

Will you be able to update your example to give a full walk-through? Like what you have now + a JWT auth API endpoint with a sample anon API & Authorization required API with maybe refresh token support?

A lot of questions are out there for this, but it lacks a good working example. If you can have a full example focusing on this dual-auth, that would be great.

Thanks,

On Tue, Apr 27, 2021 at 1:04 AM Shawn Wildermuth @.***> wrote:

> Are you using ASP.NET or ASP.NET Core?

shawnwildermuth commented 3 years ago

I likely won't have time to do a full sliding token example, but the magic can be that you use a sliding token expiration which means on every authenticated call, you can return a header with a new token (with a new expiration).
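
The sliding expiration described in the last comment, sketched as ASP.NET Core middleware. This is an added example, not code from the DualAuthCore repository or its author. The class name, the `X-Refreshed-Token` header, the `session_start` claim, the issuer/audience strings and the two time limits are all assumptions, and it assumes inbound claim-type mapping is disabled so claim names round-trip unchanged.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Http;
using Microsoft.IdentityModel.Tokens;

// Hypothetical middleware: app.UseMiddleware<SlidingJwtMiddleware>(creds) after UseAuthentication().
public class SlidingJwtMiddleware
{
    private static readonly TimeSpan Window = TimeSpan.FromMinutes(20);   // assumed sliding window
    private static readonly TimeSpan MaxSession = TimeSpan.FromHours(8);  // assumed absolute cap
    private readonly RequestDelegate _next;
    private readonly SigningCredentials _creds; // must match the key JwtBearer validates with
    public SlidingJwtMiddleware(RequestDelegate next, SigningCredentials creds)
    { _next = next; _creds = creds; }

    public async Task InvokeAsync(HttpContext ctx)
    {
        // Slide only tokens the JWT bearer handler itself validated, never cookie sessions.
        var result = await ctx.AuthenticateAsync(JwtBearerDefaults.AuthenticationScheme);
        if (result.Succeeded && TryRenew(result.Principal, out var token))
            ctx.Response.Headers["X-Refreshed-Token"] = token;
        await _next(ctx);
    }

    private bool TryRenew(ClaimsPrincipal user, out string token)
    {
        token = null;
        var now = DateTimeOffset.UtcNow;
        // "session_start" (Unix seconds) is written once by the login endpoint and copied forward,
        // so a stolen token cannot be renewed forever: renewal stops at the absolute cap.
        if (!long.TryParse(user.FindFirst("session_start")?.Value, out var start)) return false;
        var sessionEnd = DateTimeOffset.FromUnixTimeSeconds(start) + MaxSession;
        if (now >= sessionEnd) return false; // past the cap: the client must log in again
        var expires = now + Window < sessionEnd ? now + Window : sessionEnd;
        // Drop the old registered claims; the constructor below writes fresh ones.
        var skip = new[] { "exp", "nbf", "iat", "iss", "aud" };
        var claims = user.Claims.Where(c => !skip.Contains(c.Type));
        var jwt = new JwtSecurityToken(issuer: "example-issuer", audience: "example-audience",
            claims: claims, notBefore: now.UtcDateTime, expires: expires.UtcDateTime,
            signingCredentials: _creds);
        token = new JwtSecurityTokenHandler().WriteToken(jwt);
        return true;
    }
}
```

The client replaces its stored token with the header value on each response. Previously issued tokens remain valid until their own `exp`, so keep the window short.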