I have a website which contains lot of user informations. I want to share those with client website through proper authentication. As I am going to develop this api using asp.net mvc 4, I selected DotnetOauth for providing authentication.
If a website want to access my data from website, they have to register with my developer website, after the registration that website will generate Consumer key and Secret Key. After the registration, for each api request the client will pass these keys. Up to this is done.
Using this Consumer Key and Secret Key, client will send api request and if the valid token is not available in the request, it will redirect to login page. After the successful login, a token will generate and client can use this token for furthor request up to the expiry.
Anybody have idea about creating token based on Consumer Key and Secret Key with the help of DotnetOauth. Iam using Asp.net MVC
Thanks
In order to create an access token using DNOA, you should implement the interface IAuthorizationServerHost. The method CreateAccessToken is the responsible of creating the token.
I recommend you to download DotNetOpenAuth samples, and have a look to 'OAuthAuthorizationServer' project.
Hope this help.
Related
I have a Next.js website I'm working on and a dotnet core API connected to a SQL Server database. I have a login page and intend to create a page to add new users and was wondering how I could do this using dotnet core identity? I added the NextAuth.js package thinking I could utilize it, however it seems to work best if connecting directly to the database and not go through an API.
I managed to return the token to NextAuth.js but I don't know where to go from there. How can I use next-auth to manage the session? Or is there a better way to go about doing this without using NextAuth.js?
My reason for using dotnet core identity is because it already has support for roles and setup is fairly simple and makes authorizing different sections of the API easy. Based on a user's role, they should be authorized to access certain routes or view certain pages.
I tried looking at the following doc from microsoft Intro to auth for SPA, but it's not exactly clear to me how I can manage the session.
First, generally, when we using JWT authentication, the workflow as below:
Client sends a request (which contains the user information, such as: name and password) to server for token
Server receives the user information and checking for authorization. If validated success, server generates a JWT token.
Client receives the token and stores it somewhere locally.
Client sends the token in the future requests.
Server gets the token from request header, computes Hash again by using a) Header from token b) payload from token c) secret key which server already has.
If ("newly computed hash" = "hash came in token"), token is valid otherwise it is tempered or not valid
After configure your application uses Identity and JWT authentication. When a User login, you could send the user information to the server side and check if the current user is valid or not, then generate a JWT token, and on the client side you could store the token in the web storage. After that, when you want to access the resource by passing this token into the authentication HTTP header. More detail information, please refer to the following article: JWT Authentication In ASP.NET Core
I need to develop an external API, and I want to implement authentication with a client ID and a secret key just like Facebook, Twitter, Google and Microsoft do.
I have read some tutorials about OAuth2, but his generated token is temporary, and clients need to pass the username and password to get a token.
So, what I want is to give a client ID and a secret key to every client that will use my API, and they should pass this data on every method they call. Before returning the result, API checks if the request is valid.
What is the best way to do this?
I think what you're looking for is 'Basic Authentication'. Here's a very simple tutorial to follow in order to fulfill your requirements: http://www.c-sharpcorner.com/blogs/basic-authentication-in-webapi
It goes without saying that you should set your site to force https so that the credentials in request header are encrypted.
I'm in the process of converting a website from using a third-party identity provider to use ASP.NET Identity 2 instead. The site currently does not use any OWIN middleware but simply passes user-provided credentials to the identity provider. We then create a session token if the credentials are correct, and we use the session token on subsequent requests to reconstruct the user's session.
My goal is to get away from using the third-party provider with the minimum of code changes, so my idea is to use the UserManager class in ASP.NET Identity as a drop-in replacement for our third-party provider. In other words, we wouldn't use any Startup.Auth.cs magic to configure automatic challenge-response or cookie setting/validation middleware. We would simply take the user-provided credentials, test them using UserManager.FindAsync, and then continue using our existing flow.
My problem comes with dealing with Facebook logins. Currently, we show a login dialog that, upon successful login, sends us a Facebook token. We then send this token to the third-party provider, who validates it and magically turns it into an email address, first name, and last name. I can't figure out how to do this myself.
I see that if I use the out-of-the-box sample application for ASP.NET Identity, it will do the same thing via OWIN middleware. What I don't see is any way for me to take the token and use some classes somewhere in ASP.NET Identity to convert the token into usable data myself, manually.
(Note: I do see that I can use the Facebook Graph API along with my app ID, app secret, and user token, to recover the name of the user, but I don't get the email address, so something about this approach must be different from what the OWIN middleware is doing.)
Therefore, my questions are:
How do I do manually validate and decode the Facebook token in the same way that ASP.NET Identity OWIN middleware is doing it?
Is this a really dumb idea?
Thanks in advance for any help.
I am able to add Web API in my existing Web Form website project using approach given at http://www.kashyapas.com/2013/05/16/web-api-in-asp-net-web-forms-application/
Now I want to add token based authentication for my API. Please help me to add it?
Mainly client will pass username and password. After authentication for all further requests client should pass toke to access information.
Thank you
I am going through Web Api in Asp.Net using Visual Studio 2013.I am using Asp.Net Web Api Template.I am able to build a simple client that can register and login with the API.I got Bearer Token When user login and i send this token in header for accessing data from my API.Now i wanted to know how this Token in get/post request is working in API side.
When i made this API work with Windows Azure Storage I have not seen any table that saves these token corresponding to users.so where these token goes.
I can't speak for these particular tokens, however other token frameworks that I used (DotnetOpenAuth) just encrypt the username and access scope and create a ticket out of it.
It is similar to what the Forms Authentication module does. There is also no table to map issued cookies to users and this is because the cookie can just be decrypted at the server side.
Think about the token as a standalone encrypted information rather than an internal id to data that has to be persisted at the server side.