Sunday, 28 January 2018

Web API Token Based Authentication


In this article, I will tell you how to create token based authentication in WEB API using OWIN easily.


Authentication and authorization are very important in every project. There are already many articles written about authentication in Web API. Therefore, in this article I will tell you how to create token based authentication in Web API using OWIN within 10 minutes.

First, some background:

1. What is Token Based Authentication :

In token based authentication, the user enters a username and password once to obtain a token, which then lets them fetch a specific resource without sending the username and password again. Once the token has been retrieved, the client presents the token with each request, and the token grants access to the resource for a limited time period.

2. OWIN (Open Web Interface for .NET) :

OWIN defines a standard interface between .NET web servers and web applications. You will get more information from

Advantages of OWIN

1. Scalable: The token itself holds all encrypted user info, so adding more servers to your web farm is an easy task.

2. Mobile Friendly: Compared with cookies, storing a token is a standard approach on native mobile platforms as well as in browsers.

3. Decoupled: Any server providing a token auth service can be swapped in as an alternative. You can plug in any middleware (and as many as you want) between the web server and your application.

4. Safer: Helps prevent CSRF attacks, because the token is sent explicitly in a header rather than attached automatically by the browser the way a cookie is.

5. Performance: Decoding a token to get the user info is usually faster than querying the DB.

Disadvantages of OWIN

Additional code is needed to store and send the token.

Using the code

1. Create WEB API Application  : 

First we will create an empty Web API application using Visual Studio 2017.

2. Package Installation :

We will add the packages below to our solution from the Package Manager Console:

Install-Package Microsoft.AspNet.WebApi.Owin -Version 5.2.2
Install-Package Microsoft.Owin.Host.SystemWeb -Version 2.1.0
Install-Package Microsoft.AspNet.Identity.Owin -Version 2.0.1
Install-Package Microsoft.AspNet.Identity.EntityFramework -Version 2.0.1
Install-Package Microsoft.Owin.Security.OAuth -Version 2.1.0
Install-Package Microsoft.Owin.Cors -Version 2.1.0

3. Create the cs files below in your project

1. Add the code below to WebApiConfig

2. Add the token based configuration below to Startup.cs

3. Create a new class SimpleAuthorizationServerProvider which inherits from OAuthAuthorizationServerProvider and overrides its two methods ValidateClientAuthentication and GrantResourceOwnerCredentials

4. Add a new Web API controller. Give it the name TokenTestController
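The following is an added example of the three files from steps 2 to 4 in one listing, written for this article but not the author's own code. It assumes the packages installed above, a project namespace of TokenAuthDemo (an assumption), and a single hard-coded demo credential in place of a real user store; the WebApiConfig route is included so that /api/TokenTest/Authorize resolves as in the Postman test later in the article.

```csharp
// Added example, not the article's code. Namespace "TokenAuthDemo" and the
// demo credential are assumptions; replace the credential check with ASP.NET Identity.
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.Owin;
using Microsoft.Owin.Cors;
using Microsoft.Owin.Security.OAuth;
using Owin;

[assembly: OwinStartup(typeof(TokenAuthDemo.Startup))]

namespace TokenAuthDemo
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            var config = new HttpConfiguration();
            WebApiConfig.Register(config);
            ConfigureOAuth(app);
            app.UseCors(CorsOptions.AllowAll); // restrict to known origins outside of demos
            app.UseWebApi(config);
        }

        private static void ConfigureOAuth(IAppBuilder app)
        {
            var options = new OAuthAuthorizationServerOptions
            {
                // Bearer tokens are secrets: only issue them over HTTPS.
                // Set to true only when debugging locally over plain http.
                AllowInsecureHttp = false,
                TokenEndpointPath = new PathString("/token"),
                AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30),
                Provider = new SimpleAuthorizationServerProvider()
            };
            // Issues tokens at /token ...
            app.UseOAuthAuthorizationServer(options);
            // ... and validates the "Authorization: Bearer <token>" header on each request.
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
        }
    }

    public static class WebApiConfig
    {
        public static void Register(HttpConfiguration config)
        {
            config.MapHttpAttributeRoutes();
            config.Routes.MapHttpRoute("DefaultApi", "api/{controller}/{action}/{id}",
                new { id = RouteParameter.Optional });
        }
    }

    public class SimpleAuthorizationServerProvider : OAuthAuthorizationServerProvider
    {
        public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            // Resource owner password flow with a public client: no client secret to verify.
            context.Validated();
            return Task.FromResult<object>(null);
        }

        public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            // Constructed demo credential; a real app checks a salted hash via UserManager.
            if (context.UserName != "demo" || context.Password != "P@ssw0rd!")
            {
                // Generic error: do not reveal whether the user name or the password was wrong.
                context.SetError("invalid_grant", "The user name or password is incorrect.");
                return Task.FromResult<object>(null);
            }

            var identity = new ClaimsIdentity(context.Options.AuthenticationType);
            identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
            identity.AddClaim(new Claim(ClaimTypes.Role, "user"));
            context.Validated(identity); // claims are protected inside the issued token
            return Task.FromResult<object>(null);
        }
    }

    public class TokenTestController : ApiController
    {
        // Reachable only with a valid bearer token; otherwise the middleware returns 401.
        [Authorize]
        [HttpGet]
        public IHttpActionResult Authorize()
        {
            return Ok(new { message = "Hello " + User.Identity.Name + ", your token is valid." });
        }
    }
}
```

The token returned by /token is protected with the application's data-protection provider (the machine key under IIS), so on a web farm every node must share that key or tokens issued by one node will be rejected by another.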

4. Testing token based authentication using Postman

1. We will obtain an access token by calling the token endpoint.

2. Then we will try to access the /api/TokenTest/Authorize method directly without a token. It will respond with 401 as expected.

3. We will send the above request again along with the token from step 1 and get a 200 response as expected, since token based authentication is now in place.
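As an added example (not from the article), the same three Postman steps can be run in-process against the project's Startup class using the Microsoft.Owin.Testing package, which is an assumption beyond the packages listed above. It also goes one step further than the article and checks that a tampered token is rejected. The demo credential and the https base address are assumptions; the https URI is needed because the token endpoint refuses plain http unless AllowInsecureHttp is enabled.

```csharp
// Added example, not the article's code. Assumes the project's Startup and
// TokenTestController, the Microsoft.Owin.Testing package, and a demo user
// "demo" / "P@ssw0rd!" accepted by the authorization server provider.
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Owin.Testing;
using Newtonsoft.Json.Linq;

namespace TokenAuthDemo.Tests
{
    public static class TokenFlowCheck
    {
        // Returns true only if every step behaves the way the article describes.
        public static async Task<bool> RunAsync()
        {
            using (var server = TestServer.Create<Startup>())
            {
                var client = server.HttpClient;
                // Absolute https URIs so the in-memory request is treated as secure.
                const string tokenUrl = "https://localhost/token";
                const string apiUrl = "https://localhost/api/TokenTest/Authorize";

                // Step 1: obtain a token with the resource-owner password grant.
                var form = new FormUrlEncodedContent(new Dictionary<string, string>
                {
                    { "grant_type", "password" },
                    { "username", "demo" },
                    { "password", "P@ssw0rd!" }
                });
                var tokenResponse = await client.PostAsync(tokenUrl, form);
                if (tokenResponse.StatusCode != HttpStatusCode.OK) return false;
                var body = JObject.Parse(await tokenResponse.Content.ReadAsStringAsync());
                var accessToken = (string)body["access_token"];
                if (string.IsNullOrEmpty(accessToken)) return false;

                // Step 2: no token at all must give 401.
                var denied = await client.GetAsync(apiUrl);
                if (denied.StatusCode != HttpStatusCode.Unauthorized) return false;

                // Step 3: the issued bearer token must give 200.
                var allowed = await SendWithBearer(client, apiUrl, accessToken);
                if (allowed.StatusCode != HttpStatusCode.OK) return false;

                // Extra check: a modified token must be rejected, not partially accepted.
                var rejected = await SendWithBearer(client, apiUrl, accessToken + "x");
                return rejected.StatusCode == HttpStatusCode.Unauthorized;
            }
        }

        private static Task<HttpResponseMessage> SendWithBearer(HttpClient client, string url, string token)
        {
            var request = new HttpRequestMessage(HttpMethod.Get, url);
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
            return client.SendAsync(request);
        }
    }
}
```

Calling TokenFlowCheck.RunAsync().Result from a unit test or a console project exercises the whole OWIN pipeline without starting IIS, which makes it a convenient regression check whenever the provider or the expiry settings change.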

Happy Programming!!

Don’t forget to leave your feedback and comments below!

If you have any query mail me to     

Sujeet Bhujbal