Web API Token Based Authentication
Introduction
In this article, I will show you how to easily create token-based authentication in Web API using OWIN.
Background
Authentication and authorization are very important in every project. Many articles have already been written about authentication in Web API. Therefore, in this article I will show you how to create token-based authentication in Web API using OWIN within 10 minutes.
First, I will explain:
1. What is Token Based Authentication:
In token-based authentication, users enter their username and password to obtain a token, which allows them to fetch a specific resource without sending their username and password again. Once the token has been retrieved, the user presents it to get access to a specific resource for a limited time period.
2. OWIN (Open Web Interface for .NET):
OWIN defines a standard interface between .NET web servers and web applications. You can find more information at http://owin.org/
Advantages of OWIN
1. Scalable: The token itself holds all the encrypted user info, so adding more servers to your web farm is an easy task.
2. Mobile Friendly: Compared with cookies, tokens can be stored in a standard way on native mobile platforms and in browsers.
3. Decoupled: Any server providing a token auth service could be an alternative option. You can plug in any middleware (and as many as you want) between the web server and your application.
4. Safer: Prevents CSRF attacks, because the token is sent explicitly with each request instead of being attached automatically like a cookie.
5. Performance: Decoding the token to get user info is usually faster than querying the database.
Disadvantages of OWIN
Additional code is needed to store and send the token.
Using the code
1. Create Web API Application:
First, we will create an empty Web API application using Visual Studio 2017.
2. Package Installation:
We will add the packages below to our solution:
Install-Package Microsoft.AspNet.WebApi.Owin -Version 5.2.2
Install-Package Microsoft.Owin.Host.SystemWeb -Version 2.1.0
Install-Package Microsoft.AspNet.Identity.Owin -Version 2.0.1
Install-Package Microsoft.AspNet.Identity.EntityFramework -Version 2.0.1
Install-Package Microsoft.Owin.Security.OAuth -Version 2.1.0
Install-Package Microsoft.Owin.Cors -Version 2.1.0
3. Create the .cs files below in your project:
1. Add the code below in WebApiConfig
2. Add the token-based configuration below in Startup.cs
3. Create a new class SimpleAuthorizationServerProvider that inherits from the OAuthAuthorizationServerProvider class and overrides two methods, ValidateClientAuthentication and GrantResourceOwnerCredentials
4. Add a new Web API controller and name it TokenTestController
4. Testing token-based authentication using Postman
1. We will request an access token using the token method
2. Then we will try to access the /api/TokenTest/Authorize method directly without a token. It will respond with 401, as expected.
3. We will send the above request again, this time along with the token from #1, and we will get a 200 response as expected, because we have implemented token-based authentication.
Happy Programming!!
Don’t forget to leave your feedback and comments below!
Regards
Sujeet Bhujbal