Web API 2.2 (edit)
ASP.NET WEB API OAuth 2.0 Token Based Authentication: Grant Resource Owner Credentials
GET: http://localhost:1231/api/values (Authorization: Bearer ...)
POST: http://localhost:1231/token (application/x-www-form-urlencoded) {username: test@gmail.com, password: 123@Abc, grant_type: password}
https://www.codeproject.com/Articles/1187872/Token-Based-Authentication-for-Web-API-where-Legac
NuGet Packages
Install-Package EntityFramework -Version 6.3.0
Install-Package Microsoft.AspNet.WebApi.Owin -Version 5.2.2
Install-Package Microsoft.Owin.Security -Version 3.0.0
Install-Package Microsoft.AspNet.Identity.Owin -Version 2.1.0
Install-Package Microsoft.Owin.Host.SystemWeb -Version 3.0.0
Install-Package Swashbuckle -Version 5.2.2
WebApiConfig.cs
using Microsoft.Owin.Security.OAuth;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Http;

namespace WebApi2
{
    /// <summary>
    /// Web API pipeline configuration: bearer-token authentication and routing.
    /// </summary>
    public static class WebApiConfig
    {
        /// <summary>
        /// Registers the bearer-token authentication filter and the Web API routes.
        /// </summary>
        /// <param name="config">The Web API configuration to populate.</param>
        /// <remarks>
        /// The filter added here only authenticates requests (it establishes the
        /// principal from the bearer token). Nothing in this method requires a
        /// request to be authenticated, so access control still has to be applied
        /// separately, e.g. with [Authorize] on controllers or actions.
        /// </remarks>
        public static void Register(HttpConfiguration config)
        {
            // Ignore whatever identity the host (IIS / other OWIN middleware) set,
            // so that only the bearer token filter below decides who the caller is.
            config.SuppressDefaultHostAuthentication();
            var bearerTokenFilter = new HostAuthenticationFilter(OAuthDefaults.AuthenticationType);
            config.Filters.Add(bearerTokenFilter);

            // Attribute routes are mapped before the conventional fallback route.
            config.MapHttpAttributeRoutes();

            var routeDefaults = new { id = RouteParameter.Optional };
            config.Routes.MapHttpRoute("DefaultApi", "api/{controller}/{id}", routeDefaults);
        }
    }
}
Startup.cs
using Microsoft.Owin;
using Owin;

// Tells the OWIN host which class bootstraps the application.
[assembly: OwinStartup(typeof(WebApi2.Startup))]

namespace WebApi2
{
    /// <summary>
    /// OWIN entry point. The authentication setup lives in the other half of
    /// this partial class (ConfigureAuth).
    /// </summary>
    public partial class Startup
    {
        /// <summary>
        /// Called by the OWIN host at startup; wires authentication into the pipeline.
        /// </summary>
        /// <param name="app">The OWIN application builder.</param>
        public void Configuration(IAppBuilder app)
        {
            this.ConfigureAuth(app);
        }
    }
}
Startup.Auth.cs
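using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

namespace WebApi2
{
    /// <summary>
    /// OAuth 2.0 authorization-server configuration (resource owner password grant).
    /// https://www.codeproject.com/Articles/1187872/Token-Based-Authentication-for-Web-API-where-Legac
    /// </summary>
    public partial class Startup
    {
        /// <summary>Authorization-server options built by <see cref="ConfigureAuth"/>.</summary>
        public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }

        /// <summary>Client id handed to the OAuth provider; set to "self" by <see cref="ConfigureAuth"/>.</summary>
        public static string PublicClientId { get; private set; }

        // For more information on configuring authentication,
        // please visit http://go.microsoft.com/fwlink/?LinkId=301864

        /// <summary>
        /// Builds the OAuth options and enables bearer-token authentication.
        /// </summary>
        /// <param name="app">The OWIN application builder.</param>
        public void ConfigureAuth(IAppBuilder app)
        {
            // Configure the application for OAuth based flow
            PublicClientId = "self";

            OAuthOptions = new OAuthAuthorizationServerOptions
            {
                TokenEndpointPath = new PathString("/Token"),
                Provider = new ApplicationOAuthProvider(PublicClientId),
                // NOTE(review): no controller serving this path is shown with this
                // sample; confirm it exists or drop the setting.
                AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
                // Short-lived access tokens limit how long a leaked token is usable.
                AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(10),
                // The password grant posts the user's credentials to the token
                // endpoint, so plain HTTP is accepted only in DEBUG builds (local
                // testing). Any other build configuration requires HTTPS.
#if DEBUG
                AllowInsecureHttp = true
#else
                AllowInsecureHttp = false
#endif
            };

            // Enable the application to use bearer tokens to authenticate users
            app.UseOAuthBearerTokens(OAuthOptions);
        }
    }
}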
Providers \ ApplicationOAuthProvider.cs
Snippet
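using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OAuth;

namespace WebApi2
{
    /// <summary>
    /// OAuth authorization-server provider for the resource owner password grant.
    /// </summary>
    public class ApplicationOAuthProvider : OAuthAuthorizationServerProvider
    {
        private readonly string _publicClientId;

        /// <summary>Creates the provider.</summary>
        /// <param name="publicClientId">Client id accepted by <see cref="ValidateClientRedirectUri"/>.</param>
        /// <exception cref="ArgumentNullException"><paramref name="publicClientId"/> is null.</exception>
        public ApplicationOAuthProvider(string publicClientId)
        {
            if (publicClientId == null)
            {
                throw new ArgumentNullException("publicClientId");
            }

            _publicClientId = publicClientId;
        }

        /// <summary>
        /// Handles grant_type=password: issues a ticket only after the submitted
        /// user name and password have been verified.
        /// </summary>
        /// <param name="context">Grant context carrying the submitted credentials.</param>
        public override async Task GrantResourceOwnerCredentials
            (OAuthGrantResourceOwnerCredentialsContext context)
        {
            // The sample this is based on had its credential check commented out,
            // which meant every request to the token endpoint received a valid
            // token regardless of the password. Reject unless verification succeeds.
            bool credentialsValid = await ValidateCredentialsAsync(context.UserName, context.Password);
            if (!credentialsValid)
            {
                context.SetError("invalid_grant", "The user name or password is incorrect.");
                return;
            }

            ClaimsIdentity oAuthIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
            ClaimsIdentity cookiesIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
            AuthenticationProperties properties = CreateProperties(context.UserName);
            AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
            context.Validated(ticket);

            // NOTE(review): cookiesIdentity is created with the same authentication
            // type as the token identity and no cookie middleware is configured in
            // this sample; confirm this sign-in is needed.
            context.Request.Context.Authentication.SignIn(cookiesIdentity);
        }

        /// <summary>
        /// Verifies a user name / password pair against the application's user store.
        /// </summary>
        /// <param name="userName">User name submitted to the token endpoint.</param>
        /// <param name="password">Password submitted to the token endpoint.</param>
        /// <returns>True only when the credentials are valid. The default rejects everything.</returns>
        /// <remarks>
        /// TODO: MANH - implement against your own user store (override, or replace
        /// the body). Verify the password against a salted hash, for example through
        /// ASP.NET Identity's UserManager. The original commented-out sample compared
        /// context.Password directly with a stored User_Password column, which only
        /// works if passwords are stored in clear text; do not carry that over.
        /// </remarks>
        protected virtual Task<bool> ValidateCredentialsAsync(string userName, string password)
        {
            // Fail closed: no tokens are issued until a real check is implemented.
            return Task.FromResult(false);
        }

        /// <summary>
        /// Copies every ticket property into the token response.
        /// </summary>
        /// <param name="context">Token endpoint context.</param>
        /// <remarks>
        /// Everything placed in the ticket's AuthenticationProperties is returned to
        /// the client by this method, so keep secrets out of those properties.
        /// </remarks>
        public override Task TokenEndpoint(OAuthTokenEndpointContext context)
        {
            foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
            {
                context.AdditionalResponseParameters.Add(property.Key, property.Value);
            }

            return Task.FromResult<object>(null);
        }

        /// <summary>
        /// Accepts the request only when no client id is present; a request that
        /// carries a client id is left unvalidated.
        /// </summary>
        /// <param name="context">Client authentication context.</param>
        public override Task ValidateClientAuthentication
            (OAuthValidateClientAuthenticationContext context)
        {
            // Resource owner password credentials does not provide a client ID.
            if (context.ClientId == null)
            {
                context.Validated();
            }

            return Task.FromResult<object>(null);
        }

        /// <summary>
        /// Validates the redirect URI only for the public client id, and only when
        /// it is exactly the root of the requesting site.
        /// </summary>
        /// <param name="context">Redirect URI validation context.</param>
        public override Task ValidateClientRedirectUri
            (OAuthValidateClientRedirectUriContext context)
        {
            if (context.ClientId == _publicClientId)
            {
                Uri expectedRootUri = new Uri(context.Request.Uri, "/");

                // Exact match on the absolute URI; any other redirect target is
                // left unvalidated.
                if (expectedRootUri.AbsoluteUri == context.RedirectUri)
                {
                    context.Validated();
                }
            }

            return Task.FromResult<object>(null);
        }

        /// <summary>
        /// Builds the ticket properties, holding the user name under the "userName" key.
        /// </summary>
        /// <param name="userName">User name to store.</param>
        /// <returns>Authentication properties containing the user name.</returns>
        public static AuthenticationProperties CreateProperties(string userName)
        {
            IDictionary<string, string> data = new Dictionary<string, string>
            {
                { "userName", userName }
            };
            return new AuthenticationProperties(data);
        }
    }
}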
All packages
Install-Package Ninject.Web.WebApi -Version 3.2.4 + Install-Package Ninject -Version 3.2.4 + Install-Package Ninject.Web.Common -Version 3.2.4 Install-Package Ninject.Web -Version 3.2.1 Install-Package Ninject.Mvc5 -Version 3.2.1 Install-Package Ninject.WebApi.DependencyResolver -Version 0.1.4758.24814 Install-Package Swashbuckle -Version 5.2.2 + Install-Package Swashbuckle.Core -Version 5.2.2 Install-Package EntityFramework -Version 6.3.0 --------------------------------------------- ASP.NET Identity 2.1, ASP.NET Web API 2.2 --------------------------------------------- Install-Package Microsoft.AspNet.Identity.Owin -Version 2.1.0 Install-Package Microsoft.AspNet.Identity.EntityFramework -Version 2.1.0 Install-Package Microsoft.Owin.Host.SystemWeb -Version 3.0.0 Install-Package Microsoft.AspNet.WebApi.Owin -Version 5.2.2 Install-Package Microsoft.Owin.Security -Version 3.0.0 Install-Package Microsoft.Owin.Security.OAuth -Version 3.0.0 Install-Package Microsoft.Owin.Cors -Version 3.0.0 Install-Package Sendgrid -Version 5.0.0 + Install-Package SendGrid.SmtpApi -Version 1.1.3 Install-Package System.IdentityModel.Tokens.Jwt -Version 4.0.1 Install-Package Thinktecture.IdentityModel.Core -Version 1.3.0 Install-Package Microsoft.Owin.Security.Jwt -Version 3.0.0