Base solution for your next web application
Open Closed

Passwordless data insert #12307


User avatar
0
muhittincelik created

Hi,

I want to write an application that collects data from external clients. That is, it collects data externally using curl, without using a username and password, only using tokens. How can I do this?

Like Jira. In jira we create a token with not expired. And clients connect to Jira with this token. I want to user similar senario on asp net zero app.

Muhittin


6 Answer(s)
  • User Avatar
    0
    oguzhanagir created
    Support Team

    Hi @muhittincelik

    Is the Passwordless Login described in this document what you want to do? Could you please give more details

  • User Avatar
    0
    muhittincelik created

    I mean,

    I have lots of Unix/Linux server and i want to send telemetry data like hostname, memory to my backend (aspnetzero) system via curl command. And i want to schedule this command with crontab.

    At backend system i want to create a Bearer token not expired or expire in 1 or 2 years. And i want to use this bearer token in curl command. I dont want to write username or password at crontab command or script.

    Muhittin

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @muhittincelik

    We planned such a feature but haven't implemented this yet. I think, you can follow such a scenario;

    1. Create a user entity for this purpose (username: api-client for example)
    2. Then, use this user to generate a token (You can temporarily change token lifetime or you can do it on codebehind)

    Then, you can distribute this token to your clients. But, be aware that, if this token is exposed, anyone with the token can send similar data. So, you can also consider creating a black-list token table and check this table when your app receives a token, and throw exception if this table contains the given token.

  • User Avatar
    0
    muhittincelik created

    Can you tell me how can i do ? Is there a table to store tokens and lifetime's. Is not in cache ? I think tables only track names to reference this token in cache ?

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    Yes, you are right sorry. In this case, easiest way is to share username & password with your users so they can get a token and use it for their requests.

    Implementing such a feature from scratch will take longer time.

  • User Avatar
    0
    muhittincelik created

    Thanks.

    So i tried to use Openiddict. I can get authorization code with https://localhost:44301/connect/authorize?client_id=client&response_type=code

    Then i used this code with client_id and client_secret parameters, i got access_token.

    With this access_token i can call https://localhost:44301/api/services/app/WinStageHosts/GetAll

    But when i try this api call (https://localhost:44301/api/services/app/WinStageHosts/CreateOrEdit) with releated json input from body i got the following error.

    ERROR 2025-02-06 11:43:32,595 [29 ] idateAntiforgeryTokenAuthorizationFilter - The required antiforgery header value "X-XSRF-TOKEN" is not present. Microsoft.AspNetCore.Antiforgery.AntiforgeryValidationException: The required antiforgery header value "X-XSRF-TOKEN" is not present. at Microsoft.AspNetCore.Antiforgery.DefaultAntiforgery.ValidateRequestAsync(HttpContext httpContext) at Abp.AspNetCore.Mvc.Antiforgery.AbpValidateAntiforgeryTokenAuthorizationFilter.OnAuthorizationAsync(AuthorizationFilterContext context) INFO 2025-02-06 11:43:32,597 [29 ] c.Infrastructure.ControllerActionInvoker - Authorization failed for the request at filter 'Abp.AspNetCore.Mvc.Antiforgery.AbpAutoValidateAntiforgeryTokenAuthorizationFilter'. INFO 2025-02-06 11:43:32,598 [29 ] icrosoft.AspNetCore.Mvc.StatusCodeResult - Executing StatusCodeResult, setting HTTP status code 400 INFO 2025-02-06 11:43:32,598 [29 ] c.Infrastructure.ControllerActionInvoker - Executed action Smart.Inventory.WinStageHostsAppService.CreateOrEdit (Smart.Application) in 5.0783ms INFO 2025-02-06 11:43:32,598 [29 ] ft.AspNetCore.Routing.EndpointMiddleware - Executed endpoint 'Smart.Inventory.WinStageHostsAppService.CreateOrEdit (Smart.Application)' INFO 2025-02-06 11:43:32,599 [29 ] Microsoft.AspNetCore.Hosting.Diagnostics - Request finished HTTP/1.1 POST https://localhost:44301/api/services/app/WinStageHosts/CreateOrEdit - 400 - - 48.0187ms