Full Demo
Integrated example combining Basic, API Key, JWT, Cookies, claims & policies.
Full source
File: Authentication.ps1
The full script is large; earlier chapters break it into focused pieces. Review for orchestration patterns.
<#
14.1 Full Demo (moved from 7.9)
#>
param(
[int]$Port = 5000,
[IPAddress]$IPAddress = [IPAddress]::Loopback
)
New-KrLogger | Add-KrSinkConsole | Register-KrLogger -Name 'console' -SetAsDefault | Out-Null
$certPath = Join-Path $PSScriptRoot 'fulldemo.pfx'
if (-not (Test-Path $certPath)) {
$demoPwd = Read-Host -Prompt 'Enter temporary password for fulldemo.pfx (dev only)' -AsSecureString
New-KrSelfSignedCertificate -DnsName 'localhost' -Path $certPath -Password $demoPwd | Out-Null
} else {
$demoPwd = Read-Host -Prompt 'Enter existing fulldemo.pfx password' -AsSecureString
}
$srv = New-KrServer -Name 'Full Demo Server' -PassThru
Add-KrEndpoint -Port $Port -IPAddress $IPAddress
Add-KrEndpoint -Port ($Port + 433) -IPAddress $IPAddress -CertPath $certPath -CertPassword $demoPwd
if ($IsWindows) { Add-KrNamedPipeListener -PipeName 'kestrun.full.pipe' }
Enable-KrConfiguration
Set-KrServerLimit -MaxRequestBodySize 2097152 -MaxConcurrentConnections 100 | Out-Null
Set-KrServerOptions -DenyServerHeader -MaxRunspaces 8 -MinRunspaces 2 | Out-Null
Add-KrMapRoute -Verbs Get -Pattern '/health' -ScriptBlock { Write-KrJsonResponse @{ ok = $true } }
Add-KrMapRoute -Verbs Get -Pattern '/version' -ScriptBlock { Write-KrJsonResponse @{ version = '1.0'; time = (Get-Date) } }
Start-KrServer -Server $srv -NoWait | Out-Null
Write-Host 'Demo running. Press Enter to stop...'
[void][Console]::ReadLine()
Stop-KrServer -Server $srv
Remove-KrServer -Name $srv.ApplicationName
Step-by-step
- Configure logging, server options & limits.
- Add listeners (HTTP + HTTPS if cert available).
- Register all auth schemes (Basic, API Key, JWT, Cookies, Windows).*
- Build claim policy set (create/read/write/delete/admin).
- Enable configuration.
- Map grouped secure routes & token issuance endpoints.
- Start server.
*Windows auth requires platform support.
Try it
See inline examples at top of the script for a comprehensive sequence generating Basic header, API key, issuing JWT token, renewing, and performing cookie login.
References
Aggregate of previous chapter references; see:
- Basic (PowerShell)
- Basic (C# / VB.NET)
- API Key
- JWT Tokens
- Cookies
- Windows Authentication
- Claims & Policies
Troubleshooting
| Symptom | Cause | Fix |
|---|---|---|
| One scheme works others fail | Misordered registration / enable | Register all before Enable-KrConfiguration |
| Token renewal fails | Invalid bearer on renew route | Use original or unexpired token |
| Cookie route 401 | Session not persisted | Reuse same WebRequestSession |
Previous / Next
- Previous: Multiple Schemes
- Next
Continue with server internals:
- Start with Server Limits
- Then Server Options
- Or skip ahead to Start / Stop Lifecycle