ASP.NET Identity Token Methods Accept All HTTP Methods

I created one webapi and implemented authentication. I have a token method to get a user token. Everything is working fine.

Scenario: I tested the token method with Postman. Here I noticed that I can use any type of HTTP method to request a token. I think the token method should only support the POST method. But when I use the DELETE method, I also receive a token. Same thing, I can also use PUT, PATCH, etc.

Is this expected? I assume that it should return a method not supported, except for POST requests.

+5
1 answer

You can write your own OAuthAuthorizationServerOptions.Provider and use the context to accept only HTTP POST requests.

OAuthAuthorizationServerOptions is the main ASP.NET Identity class, which you can find in the Microsoft.Owin.Security.OAuth namespace.

+1
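One way to apply the answer above, as an added example that is not part of the original answer: a provider base class that overrides `MatchEndpoint` and completes any non-POST request to the token endpoint with 405 before a grant is processed. The class name `PostOnlyTokenProvider` is hypothetical; the example assumes the Katana `Microsoft.Owin.Security.OAuth` package named in the answer.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

// Hypothetical class name. Derive your existing provider (the one that
// overrides ValidateClientAuthentication and GrantResourceOwnerCredentials)
// from this class instead of directly from OAuthAuthorizationServerProvider.
public class PostOnlyTokenProvider : OAuthAuthorizationServerProvider
{
    // MatchEndpoint runs for every request, before the middleware decides
    // whether to handle it as an authorize or token request.
    public override Task MatchEndpoint(OAuthMatchEndpointContext context)
    {
        bool isPost = string.Equals(
            context.Request.Method, "POST", StringComparison.OrdinalIgnoreCase);

        if (context.IsTokenEndpoint && !isPost)
        {
            // RFC 6749 section 3.2: the client MUST use POST for access
            // token requests. Answer with 405 and advertise the allowed verb.
            context.Response.StatusCode = 405;
            context.Response.Headers.Set("Allow", "POST");

            // Mark the request as fully handled so the middleware stops here
            // and never reaches credential validation or token issuance.
            context.RequestCompleted();
            return Task.FromResult(0);
        }

        // POST to the token endpoint, or any other path: default behaviour.
        return base.MatchEndpoint(context);
    }
}
```

Assign an instance of the derived provider to `OAuthAuthorizationServerOptions.Provider`, then repeat the Postman test with DELETE, PUT and PATCH: each should now return 405 with no token in the body.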

Source: https://habr.com/ru/post/1273309/

