
How to implement oauth2 server in ASP.NET MVC 5 and WEB API 2 [closed]

First I'll sketch my project:

For my internship I need to add functionality to an existing system. A 3rd party client must be able to access data from AX Webservices once he is authorised by the user via OAuth2. I understand that I need to make a 'proxy web service' whereto the client can make its calls and that calls the AX services but I am a bit unsure about the OAuth2 part. Most tutorials and guides are about using ASP.NET's Identity for Facebook or Google-logins. I do not need that, I need to use existing credentials so I need to make my own OAuth2 service.

I find it hard to find tutorials, guides or explanations on this. I understand OAuth2 and what needs to be done, but I have never done such a thing before and find it hard to start. The closest thing to what I need that I found is this GitHub repo link, but the solution does not build.

What I had in mind is making an ASP.NET MVC Website where clients (3rd parties) can register themselves and acquire their Client IDs. With ASP.NET API I wanted to create the API that takes the required tokens and parameters, and then accesses the Dyn AX services.

Is this correct or am I entirely wrong? Any help or links regarding building your own OAuth2 server/service would be nice.

Robin asked Nov 05 '14 11:11



2 Answers

There is a brilliant blog post from Taiseer Joudeh with a detailed step-by-step description.

  1. Part 1: Token Based Authentication using ASP.NET Web API 2, Owin, and Identity
  2. Part 2: AngularJS Token Authentication using ASP.NET Web API 2, Owin, and Identity
  3. Part 3: Enable OAuth Refresh Tokens in AngularJS App using ASP .NET Web API 2, and Owin
  4. Part 4: ASP.NET Web API 2 external logins with Facebook and Google in AngularJS app
  5. Part 5: Decouple OWIN Authorization Server from Resource Server

MichaelS answered Sep 23 '22 21:09


I also struggled finding articles on how to just generate the token part. I never found one and wrote my own. So if it helps:

The things to do are:

  • Create a new web application
  • Install the following NuGet packages:
    • Microsoft.Owin
    • Microsoft.Owin.Host.SystemWeb
    • Microsoft.Owin.Security.OAuth
    • Microsoft.AspNet.Identity.Owin
  • Add an OWIN startup class

Then create an HTML and a JavaScript (index.js) file with these contents:

```javascript
// Resource owner password grant: the user's credentials go in the form-encoded body.
var loginData = 'grant_type=password&username=[email protected]&password=test123';

var xmlhttp = new XMLHttpRequest();
xmlhttp.onreadystatechange = function () {
    // readyState 4 means the request has completed.
    if (xmlhttp.readyState === 4 && xmlhttp.status === 200) {
        // The response body is the JSON token response.
        alert(xmlhttp.responseText);
    }
};
xmlhttp.open("POST", "/token", true);
xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xmlhttp.send(loginData);
```

```html
<!DOCTYPE html>
<html>
<head>
    <title></title>
</head>
<body>
    <script type="text/javascript" src="index.js"></script>
</body>
</html>
```

The OWIN startup class should have this content:

```csharp
using System;
using System.Security.Claims;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using OAuth20;
using Owin;

[assembly: OwinStartup(typeof(Startup))]

namespace OAuth20
{
    public class Startup
    {
        public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }

        public void Configuration(IAppBuilder app)
        {
            OAuthOptions = new OAuthAuthorizationServerOptions()
            {
                // URL the client posts its token request to.
                TokenEndpointPath = new PathString("/token"),
                Provider = new OAuthAuthorizationServerProvider()
                {
                    // Accepts every client without checking a client_id or client_secret.
                    OnValidateClientAuthentication = async (context) =>
                    {
                        context.Validated();
                    },
                    // Issues a token only for the hard-coded demo user name and password.
                    OnGrantResourceOwnerCredentials = async (context) =>
                    {
                        if (context.UserName == "[email protected]" && context.Password == "test123")
                        {
                            ClaimsIdentity oAuthIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
                            context.Validated(oAuthIdentity);
                        }
                    }
                },
                // Permits token requests over plain HTTP.
                AllowInsecureHttp = true,
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(1)
            };

            // Registers the token endpoint and bearer token authentication.
            app.UseOAuthBearerTokens(OAuthOptions);
        }
    }
}
```

Run your project. The token should be displayed in the pop-up.

Kai Hartmann answered Sep 23 '22 21:09