
But Seriously.... Example of ASP.NET WebAPI implementation including OAuth

I'm really not interested in WCF samples. The DotNetOpenAuth implementations that I found are also incomplete or assume WCF. I've found Thinktecture.IdentityServer.45 which is anything but lightweight and isn't really appropriate for building into my new WebAPI project. I even found the Oauth2DotNet project that has almost no real information.

Microsoft has posted a few OAuth/OpenID related projects, but I can't even find proper documentation for these either.

My project: Create a new site to provide "REST-style" API services for authorized mobile applications using .NET 4.5 and ASP.NET WebAPI. Since these applications don't necessarily have to act on behalf of a user, we believe that "2-legged" OAuth will be acceptable because we would like the ability to shut down and deny access to our API if a specific application gets out of hand.

Out of all of this, I've spent a week trying to get a basic implementation working, but haven't even been able to identify the various token types and what makes up the tokens themselves. This really shouldn't be so difficult and I find the lack of basic information on the topics involved quite frustrating. Yes, the specs are posted, but nowhere are they distilled and ready for implementation.

I'd like the ideal solution to extend to integrate properly with the WebAPI's Authenticate attribute, probably as an ActionFilter/AuthorizationFilter so I can identify and authenticate the remote application before attempting to authorize access to one or more of my elegant REST-ful API methods.

Where's the "getting started"?

Eric Falsken asked Sep 28 '12 01:09


1 Answer

Basically, HMAC authentication is enough to solve your problem; check it out here:

How to secure an ASP.NET Web API

And:

Web API creating API keys

cuongle answered Oct 27 '22 03:10
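The per-application HMAC check the answer points to, as an added example (not code from the answer or from the posts it links to). The canonical string layout, the five-minute skew window, the app id and the secret are assumptions constructed for illustration; `Verify` is the piece an AuthorizationFilter would call with values taken from the request headers.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

static class HmacRequestAuth
{
    // Constructed sample registry: app id -> shared secret. Removing an entry shuts that app out.
    static readonly Dictionary<string, byte[]> AppKeys = new Dictionary<string, byte[]>
    {
        { "mobile-app-1", Encoding.UTF8.GetBytes("constructed-sample-secret") }
    };
    static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    static readonly TimeSpan MaxSkew = TimeSpan.FromMinutes(5); // assumed replay window

    // Hypothetical canonical form; client and server must build the identical string.
    // The request body is not covered here; add a body hash to the string if it must be.
    public static string Sign(byte[] key, string appId, string method, string pathAndQuery, long unixTime)
    {
        string canonical = string.Join("\n", appId, method.ToUpperInvariant(), pathAndQuery,
                                       unixTime.ToString(CultureInfo.InvariantCulture));
        using (var hmac = new HMACSHA256(key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(canonical)));
    }

    public static bool Verify(string appId, string method, string pathAndQuery, long unixTime,
                              string signature, DateTime utcNow)
    {
        byte[] key;
        if (appId == null || signature == null || !AppKeys.TryGetValue(appId, out key)) return false;
        if (Math.Abs((utcNow - Epoch).TotalSeconds - unixTime) > MaxSkew.TotalSeconds) return false;
        return FixedTimeEquals(Sign(key, appId, method, pathAndQuery, unixTime), signature);
    }

    // Compare without exiting at the first mismatch, so timing does not leak the matching prefix.
    static bool FixedTimeEquals(string a, string b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    static void Main()
    {
        DateTime now = DateTime.UtcNow;
        long ts = (long)(now - Epoch).TotalSeconds;
        string sig = Sign(AppKeys["mobile-app-1"], "mobile-app-1", "GET", "/api/orders?page=1", ts);
        Console.WriteLine(Verify("mobile-app-1", "GET", "/api/orders?page=1", ts, sig, now));        // untampered request
        Console.WriteLine(Verify("mobile-app-1", "GET", "/api/orders?page=2", ts, sig, now));        // path changed after signing
        Console.WriteLine(Verify("mobile-app-1", "GET", "/api/orders?page=1", ts - 3600, sig, now)); // timestamp outside window
        AppKeys.Remove("mobile-app-1");                                                              // revoke the application
        Console.WriteLine(Verify("mobile-app-1", "GET", "/api/orders?page=1", ts, sig, now));        // same request after revocation
    }
}
```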