Forms Authentication to Generate Bearer Tokens for Web API?
We have a .NET web forms project using sql membership forms authentication that is running our website. We are now trying to create a Web API 2 project and would like users using the API to authenticate their API calls with their credentials on the website.
- Do we need to update our site before Identity authentication? ... or
- Is it possible to use our existing membership / forms authentication to authenticate the user and then provide them with a token that they can use for subsequent calls?
Anyway, how to implement this scenario?
Thanks for any help!
+3
source to share
1 answer
- No need to update ASP.NET Identity, you can work with a membership provider.
- You can use your legacy membership provider to validate your username and password by looking at the code below, you need to change the line of code prefixed with (**) with the memebership.validate method, etc.
You can read more about this in my detailed token based token
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
using (AuthRepository _repo = new AuthRepository())
{
**IdentityUser user = await _repo.FindUser(context.UserName, context.Password);**
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim("role", "user"));
context.Validated(identity);
}
+2
source to share