Web API authorization access_token validation

Now I am working on authorization with OAuth 2.0. I want to build my own authorization server (Web API). I have a dummy MVC project to test this. I succeeded in creating an access token on the server (Web API) using 'SimpleAuthorizationServerProvider'. I have to make some API calls, but they should be authorized, so I can send this call with my token like:

https://localhost/Profile?access_token=...

or I can send the access_token through a header. This much is OK now from my side. But I need to validate this access_token on the server side. I can get the access token from the client (dummy MVC project):

    // Client side (dummy MVC project): resource owner password grant.
    // Sends client id/secret plus the user's credentials to the /token endpoint
    // and gets back the serialized access token.
    private static TokenResponse GetToken()
    {
        var client = new OAuth2Client(new Uri("http://localhost:2727/token"), "client1", "secret");
        var response = client.RequestResourceOwnerPasswordAsync("bob", "bob").Result;
        return response;
    }

But I could not understand where it is created on the server side, and where we can validate the access_token on the server side (Web API). I read a lot but am still very confused. Please help me. Thanks!!

b_in_U asked May 01 '14 07:05


1 Answer

You don't need to worry about the access token on the server side. The access token on the server side is parsed and validated by the Katana middleware. If you need more details on how the access token is created/used, then search for the DeserializeTicket and SerializeTicket methods in the Katana sources; you will find that these methods are used in conjunction with the token to serialize/deserialize the ClaimsIdentity which you have passed on the client side (DummyMVC).

Anyway, you are using SimpleAuthorizationServerProvider from the Embedded AuthorizationServer Thinktecture project, which is a wrapper around OAuthAuthorizationServerProvider. Am I right? I believe you want to validate credentials. In your case you can override GrantResourceOwnerCredentials.

    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        // validate user credentials (demo!)
        // user credentials should be stored securely (salted, iterated, hashed yada)
        if (context.UserName != context.Password)
        {
            context.Rejected();
            return;
        }
        context.Validated();
    }

It will be best if you look at the Thinktecture examples.

jan salawa answered Oct 27 '22 00:10
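The answer above says the token is created and validated by the Katana middleware rather than by hand-written code. The following is an added example, not the poster's code and not Thinktecture's, that shows the two middleware registrations side by side so it is clear where each step happens: the authorization server middleware serves /token and builds the ticket from the ClaimsIdentity returned by GrantResourceOwnerCredentials, and the bearer middleware unprotects that ticket on every later request before [Authorize] runs. It assumes the Microsoft.Owin.Security.OAuth and Microsoft.AspNet.WebApi.Owin packages plus an OWIN host; the client id/secret, the user "bob" and the /Profile route are placeholders chosen to match the question.

```csharp
// Added example (not the poster's or Thinktecture's code). Assumes Katana packages
// Microsoft.Owin.Security.OAuth and Microsoft.AspNet.WebApi.Owin; client1/secret,
// user "bob" and the /Profile route are placeholders.
using System;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;

[assembly: OwinStartup(typeof(AuthServerDemo.Startup))]

namespace AuthServerDemo
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Token creation: this middleware owns /token. After the provider below
            // validates client and user, it serializes the ClaimsIdentity into an
            // encrypted, MAC-protected ticket and returns it as access_token.
            app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
            {
                TokenEndpointPath = new PathString("/token"),
                Provider = new DemoAuthorizationServerProvider(),
                AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(20),
                AllowInsecureHttp = true // development only: /token must be HTTPS in production
            });
            // Token validation: this middleware reads "Authorization: Bearer <token>",
            // unprotects the ticket with the same data-protection key, checks its
            // expiry and sets the request principal. Nothing else needs to be written.
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

            var config = new HttpConfiguration();
            config.SuppressDefaultHostAuthentication(); // ignore cookie/Windows auth
            config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
            config.MapHttpAttributeRoutes();
            app.UseWebApi(config);
        }
    }

    public class DemoAuthorizationServerProvider : OAuthAuthorizationServerProvider
    {
        private const string ClientId = "client1";    // placeholder registration
        private const string ClientSecret = "secret"; // placeholder; store hashed in reality

        // Runs first for every /token request: authenticates the client application.
        public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            string id, secret;
            if (!context.TryGetBasicCredentials(out id, out secret))
                context.TryGetFormCredentials(out id, out secret);
            if (id == ClientId && FixedTimeEquals(secret, ClientSecret))
                context.Validated(id);
            else
                context.SetError("invalid_client", "Unknown client or bad secret.");
            return Task.FromResult<object>(null);
        }

        // Runs for grant_type=password: authenticates the resource owner (the user).
        public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            // Placeholder credential check; replace with a salted, iterated hash lookup.
            if (!(context.UserName == "bob" && context.Password == "bob"))
            {
                context.SetError("invalid_grant", "The user name or password is incorrect.");
                return Task.FromResult<object>(null);
            }
            // Everything placed in this identity travels inside the token and comes
            // back as User.Identity on every API call that presents the token.
            var identity = new ClaimsIdentity(context.Options.AuthenticationType);
            identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
            identity.AddClaim(new Claim("client_id", context.ClientId));
            context.Validated(identity);
            return Task.FromResult<object>(null);
        }

        // Length-independent comparison so the secret check does not leak timing.
        private static bool FixedTimeEquals(string a, string b)
        {
            var x = Encoding.UTF8.GetBytes(a ?? string.Empty);
            var y = Encoding.UTF8.GetBytes(b);
            int diff = x.Length ^ y.Length;
            for (int i = 0; i < x.Length && i < y.Length; i++) diff |= x[i] ^ y[i];
            return diff == 0;
        }
    }

    // Protected resource: [Authorize] returns 401 unless the bearer middleware
    // accepted a token; no token parsing happens in the controller.
    [Authorize]
    [RoutePrefix("Profile")]
    public class ProfileController : ApiController
    {
        [Route("")]
        public IHttpActionResult Get()
        {
            return Ok(new { name = User.Identity.Name });
        }
    }
}
```

Against this setup the poster's OAuth2Client call works unchanged, and the token it receives is opaque to the client: only a server holding the same data-protection key can unprotect it. Two caveats a practitioner will want. First, the bearer middleware by default only reads the Authorization header; a token passed as ?access_token=... in the query string is ignored unless you set OAuthBearerAuthenticationProvider.OnRequestToken to copy it into context.Token, and that is best avoided because query strings end up in server logs, proxies and browser history. Second, AllowInsecureHttp = true matches the poster's http://localhost:2727 endpoint but must be false outside development, since the password grant sends the user's password and the client secret in the request body.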