Web API Token Icons - Can I Use Custom Tokens?

I am protecting a web API site and I want to use tokens. But I work with an outdated database where there is a user table, and each user already has a token created for them and stored in the table.

I'm trying to figure out if I can use the OAuth identifier token identifiers, but connect it all to my existing database so that:

  • Providing a token just returns the token for this user from the db
  • I can verify the token by looking it up in the db and creating an identity from the user (I use ASP.NET Identity elsewhere on the site for the MVC side)

I can’t figure out if this will be possible, or if I should refuse and use the standard HTTP handler approach. Here is my pretty standard code so far, which just issues standard tokens, not the ones I want to work with.

    using System;
    using System.Security.Claims;
    using System.Threading.Tasks;
    using Microsoft.AspNet.Identity;
    using Microsoft.Owin;
    using Microsoft.Owin.Security.OAuth;

    // Inside Startup.Configuration(IAppBuilder app):
    OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
    {
        AllowInsecureHttp = true, // allows the token endpoint to be called over plain HTTP
        TokenEndpointPath = new PathString("/token"),
        AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
        Provider = new SimpleAuthorizationServerProvider()
    };

    // Token Generation
    app.UseOAuthAuthorizationServer(OAuthServerOptions);

    var bearerAuth = new OAuthBearerAuthenticationOptions()
    {
        Provider = new OAuthBearerAuthenticationProvider()
    };

    app.UseOAuthBearerAuthentication(bearerAuth);

    public class SimpleAuthorizationServerProvider : OAuthAuthorizationServerProvider
    {
        public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            // Accepts every client without checking any client credentials.
            context.Validated();
        }

        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            // Lets any origin read the token response.
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

            var manager = new UserManager<User, long>(new UserStore(new UserRepository()));
            var user = await manager.FindAsync(context.UserName, context.Password);

            if (user == null)
            {
                context.SetError("invalid_grant", "The user name or password is incorrect.");
            }
            else
            {
                // The identity carries a single "name" claim holding the user's e-mail address.
                var identity = new ClaimsIdentity(context.Options.AuthenticationType);
                identity.AddClaim(new Claim("name", user.Email));
                context.Validated(identity);
            }
        }
    }
+7
authentication c# asp.net-web-api asp.net-identity owin
1 answer

Answering my own question;)

Yes, it is possible. This basically requires you to sort the Token user provider and implement your logic there. Good example:

https://github.com/eashi/Samples/blob/master/OAuthSample/OAuthSample/App_Start/Startup.Auth.cs

+6
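
One way to write a token provider of the kind the answer points to, as an added example that is not code from the post or from the linked sample: an `AuthenticationTokenProvider` subclass that returns the stored token at the token endpoint and resolves a presented token back to a user. `ILegacyTokenStore`, `LegacyTokenProvider` and the `store` variable are hypothetical names standing in for the existing user table.

```csharp
using System.Security.Claims;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Infrastructure;

// Hypothetical abstraction over the existing user table (name and members are assumptions).
public interface ILegacyTokenStore
{
    string GetTokenForUser(string userName);  // token already stored for this user, or null
    string FindUserByToken(string token);     // user name owning the token, or null
}

public class LegacyTokenProvider : AuthenticationTokenProvider
{
    private readonly ILegacyTokenStore _store;
    private readonly string _authenticationType;

    public LegacyTokenProvider(ILegacyTokenStore store, string authenticationType)
    {
        _store = store;
        _authenticationType = authenticationType;
    }

    // Token endpoint: hand back the stored token instead of a serialized ticket.
    public override void Create(AuthenticationTokenCreateContext context)
    {
        // "name" is the claim the question's GrantResourceOwnerCredentials adds.
        var name = context.Ticket.Identity.FindFirst("name");
        var token = name == null ? null : _store.GetTokenForUser(name.Value);
        if (token != null) context.SetToken(token);
    }

    // API request: look the presented token up and rebuild the identity from the user row.
    public override void Receive(AuthenticationTokenReceiveContext context)
    {
        var user = string.IsNullOrEmpty(context.Token) ? null : _store.FindUserByToken(context.Token);
        if (user == null) return; // no ticket is set, so the request stays unauthenticated

        var identity = new ClaimsIdentity(_authenticationType);
        identity.AddClaim(new Claim("name", user));
        // No expiry is attached here: the token works for as long as the row holds it,
        // so revoking access means changing or clearing the stored token.
        context.SetTicket(new AuthenticationTicket(identity, new AuthenticationProperties()));
    }
}

// Wiring inside Startup.Configuration, using the question's two options objects
// and your own ILegacyTokenStore implementation ("store"):
//   OAuthServerOptions.AccessTokenProvider = new LegacyTokenProvider(store, OAuthServerOptions.AuthenticationType);
//   bearerAuth.AccessTokenProvider = new LegacyTokenProvider(store, bearerAuth.AuthenticationType);
```

Because a stored token of this kind never expires on its own, the `AccessTokenExpireTimeSpan` in the question's options no longer limits how long a leaked token stays usable; that control moves to the database.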