Fetch user data from web token api auth in MVC

I am using a Web API project as my auth server as well as resource server. The goal is to access the serial form of an Android application. I also need a web interface that is written in an MVC application. I originally used the default MVC but migrated to the web share by handing out tokens. I can get an authentication token from the Web API service and I send the token to the client in a cookie, although I can just cache the client side. I currently have the following OAuthBearerAuthenticationProvider running:

public class CookieOAuthBearerProvider : OAuthBearerAuthenticationProvider
{
    public override Task RequestToken(OAuthRequestTokenContext context)
    {
        base.RequestToken(context);
        var value = context.Request.Cookies["AuthToken"];
        if (!string.IsNullOrEmpty(value))
        {
            context.Token = value;
        }
        return Task.FromResult<object>(null);
    }    
}

      

and in my launch class I have this method:

private void ConfigureAuth(IAppBuilder app)
{
    app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
    {
        Provider = new CookieOAuthBearerProvider(),
    });
}

      

which I am calling in the config method.

The bit that seems to be missing is how to use my token on the logged in user. I can't figure out where the deserialization is happening. I tried changing my ConfigureAuth to:

private void ConfigureAuth(IAppBuilder app)
{
    app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
    {
        Provider = new CookieOAuthBearerProvider(),
        AccessTokenProvider = new AuthenticationTokenProvider()
        {
            OnReceive = receive
        }
    });
}

public static Action<AuthenticationTokenReceiveContext> receive = new Action<AuthenticationTokenReceiveContext>(c =>
{
    c.DeserializeTicket(c.Token);
    c.OwinContext.Environment["Properties"] = c.Ticket.Properties;
});

      

and my getter is called. My token is included in AuthenticationTokenReceiveContext but DeserializeTicket returns null. Can anyone please advise what I am missing to get user information using this token?

UPDATE as per suggested answer below. Startup and OAuthBearerAuthenticationOptions code now looks like this:

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        ConfigureAuth(app);
        AreaRegistration.RegisterAllAreas();
        FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
        RouteConfig.RegisterRoutes(RouteTable.Routes);
        BundleConfig.RegisterBundles(BundleTable.Bundles);
    }

    private void ConfigureAuth(IAppBuilder app)
    {

        OAuthOpt = new OAuthBearerAuthenticationOptions()
        {

            Provider = new CookieOAuthBearerProvider(),
            AccessTokenProvider = new AuthenticationTokenProvider()
            {

                OnReceive = receive
            }
        };
        app.UseOAuthBearerAuthentication(OAuthOpt);
    }

    public static Action<AuthenticationTokenReceiveContext> receive = new Action<AuthenticationTokenReceiveContext>(c =>
    {
        var ticket = OAuthOpt.AccessTokenFormat.Unprotect(c.Token);

    });

    public static OAuthBearerAuthenticationOptions OAuthOpt { get; private set; }
}

      

But I am still getting null. Am I missing some relevant setting in the OAuthBearerAuthenticationOptions?

+3




1 answer


Try it.

Save the OAuthBearerAuthenticationOptions that you create inline to a static variable named OAuthOpt (or whatever) in Startup.Auth and use the code below wherever you want to get user information.



Microsoft.Owin.Security.AuthenticationTicket ticket = Startup.OAuthOpt.AccessTokenFormat.Unprotect(token);

      

I suggest you use Json Web Tokens (JWT) and customize your marker generation with CustomOAuthProvider. Here is a good resource from Taiseer Joudeh on how to do this. You will need to use this nuget package to decode the bearer tokens.

+4
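An added example, not code from the question or the answer: it combines the cookie provider from the question with the static `OAuthOpt` from the answer, and shows the step the question's `OnReceive` never takes, which is handing a successfully unprotected ticket back to the middleware with `SetTicket` so the request gets a user. The `Receive` and `DescribeUser` names are hypothetical, and the sketch assumes the token was issued in a form this application's `AccessTokenFormat` can unprotect.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Infrastructure;
using Microsoft.Owin.Security.OAuth;
using Owin;

// Same provider as in the question: take the bearer token from the "AuthToken" cookie.
public class CookieOAuthBearerProvider : OAuthBearerAuthenticationProvider
{
    public override Task RequestToken(OAuthRequestTokenContext context)
    {
        var value = context.Request.Cookies["AuthToken"];
        if (!string.IsNullOrEmpty(value)) context.Token = value;
        return Task.FromResult<object>(null);
    }
}

public class Startup
{
    // Static so other code can reach AccessTokenFormat, as the answer suggests.
    public static OAuthBearerAuthenticationOptions OAuthOpt { get; private set; }

    public void Configuration(IAppBuilder app)
    {
        OAuthOpt = new OAuthBearerAuthenticationOptions
        {
            Provider = new CookieOAuthBearerProvider(),
            AccessTokenProvider = new AuthenticationTokenProvider { OnReceive = Receive }
        };
        app.UseOAuthBearerAuthentication(OAuthOpt);
    }

    // Hypothetical handler name. Runs once per request that carries a token.
    private static void Receive(AuthenticationTokenReceiveContext c)
    {
        AuthenticationTicket ticket = OAuthOpt.AccessTokenFormat.Unprotect(c.Token);
        // A null ticket (the symptom in the question) means the token was not accepted.
        if (ticket == null || ticket.Identity == null) return; // fail closed: stay anonymous
        c.SetTicket(ticket); // without this the middleware never sees the ticket
    }

    // Hypothetical helper: what an MVC action can read once the ticket is set.
    public static string DescribeUser(IOwinContext ctx)
    {
        ClaimsPrincipal user = ctx.Authentication.User;
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated) return "anonymous";
        return user.Identity.Name + ": " + string.Join(", ", user.Claims.Select(x => x.Type));
    }
}
```

Because the token travels in a cookie here, the browser attaches it to every request to the site, so state-changing MVC actions still need anti-forgery protection just as with ordinary cookie authentication.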

