First I'll sketch my project:
For my internship I need to add functionality to an existing system. A 3rd party client must be able to access data from AX Webservices once he is authorised by the user via OAuth2. I understand that I need to make a 'proxy web service' whereto the client can make its calls and that calls the AX services but I am a bit unsure about the OAuth2 part. Most tutorials and guides are about using ASP.NET's Identity for Facebook or Google-logins. I do not need that, I need to use existing credentials so I need to make my own OAuth2 service.
I find it hard to find tutorials, guides or explanations on this. I understand OAuth2 and what needs to be done, but I have never done such a thing before and find it hard to start. The closest thing to what I need that I found is this github repo link, but the solution does not build.
What I had in mind is making an ASP.NET MVC Website where clients (3rd parties) can register themselves and acquire their Client IDs. With ASP.NET API I wanted to create the API that takes the required tokens and parameters, and then accesses the Dyn AX services.
Is this correct or am I entirely wrong? Any help or links regarding building your own oauth2 server/service would be nice.
For local login, Web API uses the resource owner password flow defined in OAuth2. The user enters a name and password into the client. The client sends these credentials to the authorization server. The authorization server authenticates the credentials and returns an access token.
OAuth2 is the preferred method of authenticating access to the API. OAuth2 allows authorization without the external application getting the user's email address or password. Instead, the external application gets a token that authorizes access to the user's account.
OAuth is a token based authorization mechanism for REST Web API. You authorize with the API only once, and the generated token is then sent on each subsequent call to the REST Web API until it expires, saving an authorization step on every request.
This article is about OAuth 2.0 authorization scheme integration with ASP.NET MVC REST Web API. REST Web API is a light-weight essential component of web development in order to share the data across multiple client machines or devices e.g. mobile devices, desktop applications or any website.
This project will protect its application access using the OpenID Connect protocol and for this, it will utilize Identity Server which was built earlier to implement OAuth2 and OpenID connect in ASP.NET Core. You will have to add the package Microsoft.AspNetCore.Authentication.OpenIdConnect to the MVC project.
So, this new scheme of authorization is OAuth 2.0, which is a token based authorization scheme. In this tutorial, I shall demonstrate the OAuth 2.0 mechanism to authorize a REST Web API, which also gives us the benefit of the [Authorize] attribute via the OWIN security layer.
For current Google OAuth instructions, see Configuring Google authentication in ASP.NET Core. Navigate to the Google Developers Console. If you haven't created a project before, select Credentials in the left tab, and then select Create. In the left tab, click Credentials.
There is a brilliant blog post from Taiseer Joudeh with a detailed step-by-step description.
I also struggled finding articles on how to just generate the token part. I never found one and wrote my own. So if it helps:
The things to do are:
NuGet packages:
Microsoft.Owin
Microsoft.Owin.Host.SystemWeb
Microsoft.Owin.Security.OAuth
Microsoft.AspNet.Identity.Owin
Create an OWIN startup class.
Then create an HTML and a JavaScript (index.js) file with these contents:
```javascript
// Resource owner password grant: the form body must carry grant_type, username and password.
// The address in the user name was redacted on the page and is kept as shown.
var loginData = 'grant_type=password&username=[email protected]&password=test123';
var xmlhttp = new XMLHttpRequest();
xmlhttp.onreadystatechange = function () {
    if (xmlhttp.readyState === 4 && xmlhttp.status === 200) {
        // The response body is the JSON token response (access_token, token_type, expires_in).
        alert(xmlhttp.responseText);
    }
};
xmlhttp.open("POST", "/token", true);
xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xmlhttp.send(loginData);
```
```html
<!DOCTYPE html>
<html>
<head>
    <title></title>
</head>
<body>
    <script type="text/javascript" src="index.js"></script>
</body>
</html>
```
The OWIN startup class should have this content:
```csharp
using System;
using System.Security.Claims;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using OAuth20;
using Owin;

[assembly: OwinStartup(typeof(Startup))]

namespace OAuth20
{
    public class Startup
    {
        public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }

        public void Configuration(IAppBuilder app)
        {
            OAuthOptions = new OAuthAuthorizationServerOptions()
            {
                TokenEndpointPath = new PathString("/token"),
                Provider = new OAuthAuthorizationServerProvider()
                {
                    // Accepts every caller as a valid client: no client_id/secret check (demo only).
                    OnValidateClientAuthentication = async (context) =>
                    {
                        context.Validated();
                    },
                    // Resource owner password grant with hard-coded demo credentials;
                    // the user name was redacted on the page and is kept as shown.
                    OnGrantResourceOwnerCredentials = async (context) =>
                    {
                        if (context.UserName == "[email protected]" && context.Password == "test123")
                        {
                            ClaimsIdentity oAuthIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
                            context.Validated(oAuthIdentity);
                        }
                    }
                },
                // Lets the token endpoint answer over plain HTTP; keep this false outside local testing.
                AllowInsecureHttp = true,
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(1)
            };

            // Registers the /token endpoint and bearer-token validation used by [Authorize].
            app.UseOAuthBearerTokens(OAuthOptions);
        }
    }
}
```
Run your project. The token should be displayed in the pop-up.
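As an added example (not code from the answer above), here is a hardened replacement for the inline provider: it authenticates the calling client by client_id and secret, verifies the user's password against a salted hash with Microsoft.AspNet.Identity's PasswordHasher, and returns one generic error for a bad user name or password. The class name, the client id, the user name and the in-memory stores are assumptions I constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Security.OAuth;

// Hypothetical hardened provider: validates the client, checks a hashed password.
public class HardenedOAuthProvider : OAuthAuthorizationServerProvider
{
    // Constructed sample stores; a real system looks these up in a database.
    private static readonly Dictionary<string, string> Clients = new Dictionary<string, string>
    {
        { "reporting-app", "client-secret-placeholder" } // client_id -> client_secret
    };
    private static readonly PasswordHasher Hasher = new PasswordHasher();
    private static readonly Dictionary<string, string> UserHashes = new Dictionary<string, string>
    {
        { "alice", Hasher.HashPassword("test123") } // user name -> salted PBKDF2 hash
    };
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        string clientId, clientSecret, expected;
        // Client credentials may arrive via HTTP Basic auth or in the form body.
        if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
            context.TryGetFormCredentials(out clientId, out clientSecret);
        if (clientId != null && Clients.TryGetValue(clientId, out expected) && expected == clientSecret)
            context.Validated(clientId);
        else
            context.SetError("invalid_client", "Client authentication failed.");
        return Task.FromResult(0);
    }
    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        string hash;
        if (context.UserName == null || context.Password == null ||
            !UserHashes.TryGetValue(context.UserName, out hash) ||
            Hasher.VerifyHashedPassword(hash, context.Password) == PasswordVerificationResult.Failed)
        {
            // One generic error for unknown user and wrong password (no user enumeration).
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return Task.FromResult(0);
        }
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        identity.AddClaim(new Claim("client_id", context.ClientId));
        context.Validated(identity);
        return Task.FromResult(0);
    }
}
```

Wire it in with `Provider = new HardenedOAuthProvider()` in the options above and set `AllowInsecureHttp = false` so bearer tokens only travel over TLS.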