How do you create a bearer token to call the remote web API

I have two sites: a site on which users register and manage their account, and a site with no user interface, nothing more than an API for storing and retrieving content. Both of these sites use the same Owin ASP.Net Identity 2.0 configuration. The UI site uses cookies for obvious reasons, and the API site uses bearer tokens. I need to be able to call API methods / URLs from the user interface site with the current user's authentication. In short, I need to create a valid Bearer token on the user interface site so that I can add it to the HTTP headers of my REST calls.

I was looking for a way to use "trusted" client authentication and call the Token API URL to create a Bearer token, or, since both sites use the same code and the same user table, to call the Owin method that generates the bearer token from the code of the user interface site, so that I can pass it in the API headers and the API site sees it as a valid token.

If you need more information, just let me know.

Update: Please see the updated answer below for the correct way to do this using the implicit OAuth flow.

+8
owin asp.net-web-api2 asp.net-identity-2 bearer-token
1 answer

I eventually found this article and followed its code example to create my own OAuth authorization server. With it, we can request user tokens on behalf of users using a trusted client identifier and a secret shared between our UI site and the OAuth server.

http://www.asp.net/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server

Update 1: After working with this functionality for a while, I came across what actually creates the tokens. Owin has a TicketDataFormat class that does all the magic. It takes one parameter in the constructor, an IDataProtector. If the Owin resource server uses the default AccessTokenFormat (TicketDataFormat) in its middleware options, along with the default DataProtector, you can replicate token creation on your client side. BTW, by default the DataProtector uses the MachineKey, so your two trusted sites must have the same MachineKey set in the web.config file. All untrusted or partially trusted sites should use the standard OAuth flows described in the link above.

    var protector = app.CreateDataProtector(
        typeof(OAuthAuthorizationServerMiddleware).Namespace, "Access_Token", "v1");
    var tdf = new TicketDataFormat(protector);
    var ticket = new AuthenticationTicket() { ... };
    var accessToken = tdf.Protect(ticket);

Update 2: The recommended, and really the only, way you should do this: OAuth, using the implicit flow with your client, with the correct scopes and response type set.

The IdentityServer3 docs have very well-documented tutorials that got us up and running in a very short time. Specifically, calling the API on behalf of the user in Getting Started: MVC Authentication and Web API.

+11
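As an added illustration of the Update 1 approach (this is example code, not the answerer's or the Katana project's own), the helper below issues a bearer token with the same data-protector purposes that the OWIN bearer middleware uses for its default AccessTokenFormat, and mirrors the checks the API side performs. The class name, the claims put in the ticket, and a shared machineKey in both web.config files are assumptions.

```csharp
using System;
using System.Security.Claims;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.DataHandler;
using Microsoft.Owin.Security.DataProtection;
using Microsoft.Owin.Security.OAuth;
using Owin;

// Hypothetical helper: issues and checks bearer tokens that the OWIN bearer
// middleware on the API site will accept, assuming both sites share a machineKey.
public static class TrustedBearerTokens
{
    // The three purpose strings must match the ones the bearer middleware uses
    // for its default AccessTokenFormat, otherwise Unprotect on the API side fails.
    private static ISecureDataFormat<AuthenticationTicket> CreateFormat(IAppBuilder app)
    {
        IDataProtector protector = app.CreateDataProtector(
            typeof(OAuthAuthorizationServerMiddleware).Namespace, "Access_Token", "v1");
        return new TicketDataFormat(protector);
    }

    // Build a ticket for the already-authenticated UI user and protect it into a token.
    public static string Issue(IAppBuilder app, string userId, string userName, TimeSpan lifetime)
    {
        var identity = new ClaimsIdentity(OAuthDefaults.AuthenticationType); // "Bearer"
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, userId));
        identity.AddClaim(new Claim(ClaimTypes.Name, userName));

        var now = DateTimeOffset.UtcNow;
        var properties = new AuthenticationProperties
        {
            IssuedUtc = now,
            ExpiresUtc = now.Add(lifetime) // the bearer middleware rejects expired tickets
        };
        return CreateFormat(app).Protect(new AuthenticationTicket(identity, properties));
    }

    // Mirror of what the API site does: unprotect and reject tampered or expired tokens.
    public static AuthenticationTicket Validate(IAppBuilder app, string token)
    {
        AuthenticationTicket ticket = CreateFormat(app).Unprotect(token);
        if (ticket == null) return null; // bad signature, different machineKey, or garbage
        DateTimeOffset? expires = ticket.Properties.ExpiresUtc;
        if (expires.HasValue && expires.Value < DateTimeOffset.UtcNow) return null;
        return ticket;
    }
}
```

Keep the lifetime short: anyone holding a machineKey that can produce these tokens can mint one for any user, which is why the answer limits this to fully trusted sites.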
