
Sunday, 16 December 2018

Token Based Authentication in Web API using OWIN


Step 1: - Open Visual Studio 2015 => Go to File Menu => New => Project...

Step 2: - In the Installed Templates list, select Visual C# => Web

Step 3: - Select ASP.Net Web Application (.NET Framework) from the Web list => Type TokenAuthentication in the Name box and click OK

Step 4: - Select Empty template from ASP.NET Templates List and Check Web API check box under Add folders and core references for:































Step 5: - Right Click on Models folder => Add => New Items... => Expand Visual C# from Left Pane and Select Code => Select Class from Middle Pane => Type Author.cs in Name box => Click Add

Copy and paste the following code into Author.cs

namespace TokenAuthentication.Models
{
    /// <summary>
    /// Plain data object describing an author; it carries no behavior or validation.
    /// </summary>
    public class Author
    {
        /// <summary>Numeric identifier of the author.</summary>
        public int Id { get; set; }

        /// <summary>Author's first name.</summary>
        public string FirstName { get; set; }

        /// <summary>Author's last name.</summary>
        public string LastName { get; set; }

        /// <summary>Free-text address.</summary>
        public string Address { get; set; }

        /// <summary>Status code stored as a string; the allowed values are not defined in this class.</summary>
        public string Status { get; set; }
    }
}

Step 6: - Right Click on Controllers folder => Add => Controller... => Select Web API Controller - Empty => Click Add => Type DefaultController in Controller Name box => Click Add

Copy and paste the following code into DefaultController

using System.Collections.Generic;
using System.Web.Http;
using TokenAuthentication.Models;

namespace TokenAuthentication.Controllers
{
    /// <summary>
    /// Sample Web API controller that returns a fixed list of authors to authenticated callers.
    /// </summary>
    public class DefaultController : ApiController
    {
        /// <summary>
        /// Returns the three hard-coded sample authors.
        /// </summary>
        /// <remarks>
        /// [Authorize] is declared without Roles or Users, so it only requires that the
        /// request is authenticated; it does not distinguish between callers.
        /// </remarks>
        /// <returns>A new list holding the sample <see cref="Author"/> entries.</returns>
        [HttpGet]
        [Authorize]
        public List<Author> GetAuthor()
        {
            var authors = new List<Author>();

            authors.Add(new Author { Id = 1, FirstName = "Ram", LastName = "G", Address = "Malad", Status = "A" });
            authors.Add(new Author { Id = 2, FirstName = "Shyam", LastName = "G", Address = "Kandivali", Status = "A" });
            authors.Add(new Author { Id = 3, FirstName = "Ghanshyam", LastName = "G", Address = "Borivali", Status = "A" });

            return authors;
        }
    }
}

Step 7: - Right click on References => Click on Manage NuGet Packages... => Click on Browse => Search for each package in the list below, one by one => Select the result => Click on Install

Microsoft.Owin























Microsoft.Owin.Host.SystemWeb
























Microsoft.Owin.Security.OAuth
Microsoft.Owin.Security
























Microsoft.AspNet.Identity.Owin
























Microsoft.AspNet.WebApi.Cors
























Step 8: - Right Click on Project Root folder => Add => New Folder => Name "Provider"

Step 9: - Right Click on Provider folder => Add => New Items... => Expand Visual C# from Left Pane and Select Code => Select Class from Middle Pane => Type AuthorizationServerProvider.cs in Name box => Click Add

Copy and paste the following code into AuthorizationServerProvider.cs

using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OAuth;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Http.Cors;

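namespace TokenAuthentication.Provider
{
    /// <summary>
    /// Callbacks used by the OWIN OAuth authorization server to validate the client and
    /// the resource owner's credentials before an access token is issued.
    /// </summary>
    // NOTE(review): [EnableCors] is a Web API attribute and this class is an OWIN provider,
    // not a controller, so the attribute probably has no effect here — confirm and remove if so.
    [EnableCors(origins: "*", headers: "*", methods: "*")]
    public class AuthorizationServerProvider : OAuthAuthorizationServerProvider
    {
        /// <summary>
        /// Accepts every client unconditionally.
        /// </summary>
        /// <remarks>
        /// No client_id or client secret is checked. If clients are ever issued credentials,
        /// this is the place to verify them before calling <c>context.Validated()</c>.
        /// </remarks>
        /// <param name="context">Client-authentication context supplied by the OAuth middleware.</param>
        /// <returns>A completed task.</returns>
        public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            context.Validated();
            return Task.FromResult<object>(null);
        }

        /// <summary>
        /// Checks the submitted user name and password and, when both match, validates the
        /// request with an authentication ticket; otherwise sets an <c>invalid_grant</c> error.
        /// </summary>
        /// <param name="context">Grant context carrying the submitted user name and password.</param>
        /// <returns>A completed task.</returns>
        public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            // Wildcard origin: any site may read the token response from browser script.
            // Prefer an explicit list of the front-end origins that need this endpoint.
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

            // Placeholder credential check from the tutorial. Replace it with a lookup against
            // a user store that keeps salted password hashes; do not ship hard-coded credentials.
            // The static string.Equals is ordinal and null-safe, so a request that omits
            // username or password is rejected instead of throwing NullReferenceException.
            bool userNameMatches = string.Equals(context.UserName, "Ram");
            bool passwordMatches = string.Equals(context.Password, "password@123");

            // Reject unless BOTH values match. The original condition joined the two negated
            // checks with &&, which rejected only when both were wrong, so a correct user name
            // with any password (or any user name with the correct password) received a token.
            if (!userNameMatches || !passwordMatches)
            {
                context.SetError("invalid_grant", "The user name or password is incorrect.");
                return Task.FromResult<object>(null);
            }

            var propertyDictionary = new Dictionary<string, string>
            {
                { "userName", context.UserName }
            };

            // The identity is created without any claims, so downstream code can tell that a
            // caller is authenticated but not which user it is.
            var identity = new ClaimsIdentity(context.Options.AuthenticationType);
            var properties = new AuthenticationProperties(propertyDictionary);
            var ticket = new AuthenticationTicket(identity, properties);
            context.Validated(ticket);

            return Task.FromResult<object>(null);
        }
    }
}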

Step 10: - Right Click on Project Root folder => Add => New Items... => Expand Visual C# from Left Pane and Select Code => Select Class from Middle Pane => Type Startup.cs in Name box => Click Add

Copy and paste the following code into Startup.cs

using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;
using System;
using System.Web.Http;
using TokenAuthentication.Provider;

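namespace TokenAuthentication
{
    /// <summary>
    /// OWIN startup class that adds the OAuth token endpoint and bearer-token
    /// authentication to the application pipeline.
    /// </summary>
    public class Startup
    {
        /// <summary>
        /// Startup method invoked with the application builder; delegates to <see cref="ConfigureAuth"/>.
        /// </summary>
        /// <param name="app">The OWIN application builder.</param>
        public void Configuration(IAppBuilder app)
        {
            ConfigureAuth(app);
        }

        /// <summary>
        /// Registers the OAuth authorization server at <c>/token</c> with 20-minute access
        /// tokens and enables bearer-token authentication.
        /// </summary>
        /// <param name="app">The OWIN application builder to configure.</param>
        public void ConfigureAuth(IAppBuilder app)
        {
            var oauthOptions = new OAuthAuthorizationServerOptions
            {
#if DEBUG
                // Plain HTTP is allowed for local debugging only. The password grant sends the
                // user's password and returns a bearer token, so outside Debug builds the
                // option keeps its default (false) and the token endpoint requires HTTPS.
                AllowInsecureHttp = true,
#endif
                TokenEndpointPath = new PathString("/token"),
                AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(20),
                Provider = new AuthorizationServerProvider(),
            };

            // NOTE(review): UseOAuthBearerTokens appears to register the authorization server
            // and bearer authentication itself, which would make the two calls after it
            // redundant — confirm against the pipeline before removing either.
            app.UseOAuthBearerTokens(oauthOptions);
            app.UseOAuthAuthorizationServer(oauthOptions);
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

            // NOTE(review): this HttpConfiguration is populated but never attached to the OWIN
            // pipeline in this method, so Web API is presumably configured elsewhere
            // (e.g. Global.asax) — confirm; if so these two lines have no effect.
            HttpConfiguration config = new HttpConfiguration();
            WebApiConfig.Register(config);
        }
    }
}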

Step 11: - Open/Expand the App_Start folder => Open the WebApiConfig.cs file => Add the following lines

using System.Web.Http;
using System.Web.Http.Cors;

namespace TokenAuthentication
{
    /// <summary>
    /// Web API bootstrap: enables CORS and registers attribute and convention routes.
    /// </summary>
    public static class WebApiConfig
    {
        /// <summary>
        /// Applies the CORS policy and route table to the given configuration.
        /// </summary>
        /// <param name="config">The Web API configuration to populate.</param>
        public static void Register(HttpConfiguration config)
        {
            // Global CORS policy: every origin, header and method is allowed for all controllers.
            // NOTE(review): narrow origins/headers/methods to what the real clients need before
            // this leaves a demo environment.
            config.EnableCors(new EnableCorsAttribute(origins: "*", headers: "*", methods: "*"));

            // Routes declared with attributes on controllers and actions.
            config.MapHttpAttributeRoutes();

            // Convention route: api/{controller}/{id}, where {id} may be omitted.
            config.Routes.MapHttpRoute(
                "DefaultApi",
                "api/{controller}/{id}",
                new { id = RouteParameter.Optional });
        }
    }
}
All Done

Run Project

Step 12: - Launch Postman

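Step 13: - Copy and paste the following URL into the URI box, enter the following values in the Body tab, and hit the Send button. The username and password are the sample values hard-coded in AuthorizationServerProvider.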

username   -    Ram
password   -    password@123
grant_type -    password























Note: -

If the following error occurs, open Manage NuGet Packages..., search for Newtonsoft.Json in the Browse tab and update it.

Server Error in '/' Application.
Could not load file or assembly 'Newtonsoft.Json, Version=10.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)





















Step 14: - Copy and paste the following URL into the URI box, copy the access_token returned in Step 13 into the Header tab, and hit the Send button


Authorization   -   Bearer aS-EG9TpOvp92hLStw9yFjvuthNWSlkbnrc3JvnyZ4reM3CDEMIY3HkNK4r-g2eeX91ci6IGm--9Y4pCAV9Pfo-n9luN8kJlQ3U1ZLMeBB3rxQ8x_HjwiVWPJPSHwUaSyzdT4-WfwScZUDtiFZ2kvd0IMOwUjh_VKxZyjEYvmWAE2gi2ioAr0wW4ehnDmXilNqz03x-a8_u9hmqjxw3Ulg


