Web API Authentication in ASP.NET 5

c# asp.net authentication asp.net-web-api asp.net-core
11,774

Indeed, there'll be no OAuthAuthorizationServerMiddleware in ASP.NET 5.

If you're looking for the same low-level approach, you should take a look at AspNet.Security.OpenIdConnect.Server: it's an advanced fork of the OAuth2 authorization server middleware that comes with Katana 3 but that targets OpenID Connect, as you already figured out ( OAuth Authorization Service in ASP.NET Core).

https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server

OpenID Connect is itself based on OAuth2 and is basically a superset offering standardized authentication features. Don't worry: you can, of course, use ANY OAuth2 client with ANY OpenID Connect server, including AspNet.Security.OpenIdConnect.Server.

Don't miss the MVC 6 sample: https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server/tree/dev/samples/Mvc

app.UseJwtBearerAuthentication(new JwtBearerOptions
{
    AutomaticAuthenticate = true,
    AutomaticChallenge = true,
    Audience = "http://localhost:54540/",
    Authority = "http://localhost:54540/"
});

app.UseOpenIdConnectServer(options =>
{
    options.Provider = new AuthorizationProvider();
});

Good luck, and don't hesitate to ping me if you need help.

Share:
11,774

Related videos on Youtube

user1620696
Author by

user1620696

Updated on June 18, 2022

Comments

  • user1620696
    user1620696 almost 2 years

    I've been studying ASP.NET 5 for some time now and there is something I'm yet confused. To implement authentication in Web API 2 what I used to do was basically use the OWIN OAuth Authentication Server Middleware. It was simple to use, I could configure just what I needed and there wasn't a bunch of stuff I needed to put on the app without need for it.

    Now, at first I didn't find this in ASP.NET 5 and I thought it was a matter of time to wait the middleware to show up. But yesterday, reading on the issues on the Security repo I found out that apparently there is no intention to port this middleware to the new version of the framework.

    Instead, it seems people are encouraged to use Identity Server 3. I took a look on the project and although it is nice and has many usages I really prefer to configure just the minimum I need sometimes. Also, another drawback is that Identity Server 3 needs the full CLR, so if I need to use it in order to provide authentication on my application I would need to stop using Core CLR, which for me is a huge disadvantage since Core CLR is a lot more lightweight.

    So, if I don't want to use the Identity Server 3 on ASP.NET 5, how can I implement authentication for Web API if the OAuth Authentication Server middleware is gone? Has anyone been through that and found a way to deal with it?

    How to deal with authentication on ASP.NET 5 Web API without using Identity Server 3?

    • Mahesh Kava
      Mahesh Kava almost 9 years
      you don't necessarily have to use the Identity Server3 and instead build your own Authentication server which would return token on authentication
    • user1620696
      user1620696 almost 9 years
      So I would need to implement one OAuth authentication server myself?
    • Matt Roberts
      Matt Roberts about 8 years
      Identity server 4 targets core now: leastprivilege.com/2016/01/11/…
  • Kévin Chalet
    Kévin Chalet over 8 years
    Katana's authorization server had many unsolved bugs, still listed on the Codeplex tracker. I took a brief look at your fork and it seems that you've fixed none of them. If you're still looking for the "original authorization server", take a look at AspNet.Security.OpenIdConnect.Server, it offers the same experience but fixes all the known bugs Katana's server had.
  • partyelite
    partyelite about 8 years
    Hi, I have the same setup and it works on my dev machine. I have tried publishing it to server (test environment) and there I get an error "InvalidOperationException: IDX10803: Unable to obtain configuration from: 'localhost:5000/.well-known/openid-configuration'". I have installed HttpPlatformHandler and set my application pool to "No managed code". My site is bound to port 8890. Navigating to "localhost:8890" throws the error in Chrome and IE. When I run web.cmd from approot folder and navigate to "localhost:5000" it works but only in Chrome. IE gives the same error. Any help, plz?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Simple JWT authentication in ASP.NET Core 1.0 Web API
ASP.NET Core using custom authenticationhandler with cookieauthentication
Returning a 500 internal server error when code errors in asp.net 5 web api
How can I use HttpRequestMessage.CreateResponse<HttpError>() in ASP.NET 5
ASP.NET Core EventLog provider
Redirect to URL in ASP CORE
Authorization has been denied for this request. Always
How to pass Windows Authentication credential from client to Web API service
access cookie in _Layout.cshtml in ASP.NET Core
TempData null in asp.net core