0

I have seen a lot of solutions for OAuth user authentication as well as token authentication through POST headers or the request body. But I would like to ask: how can I implement token authentication by inserting the token into the URL? Is it something to do with the controllers? For example, if the original endpoint is api.mysite.com/action, I would like it to become api.mysite.com/tokenSOMETOKENHERE/action

If the token is wrong or not given, respond with a custom unauthorized response.

The idea came from Telegram's Bot API. The token is passed in the URL so that people can use an HTTP GET request instead of POST.

1
  • What do you mean by how? Yes, the code to extract the token would be in the controller. Once you have the token, respond as you wish. What's stopping you? Commented Jan 20, 2018 at 6:11

2 Answers

2

You can set the route config with a token template, and add a filter to get the token value and do your stuff with the token (i.e. authentication).

Route config,

routes.MapRoute(
    name: "Default",
    url: "{token}/{controller}/{action}/{id}",
    defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }
);

Authentication filter class,

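using System;
using System.Web.Mvc;
using System.Web.Mvc.Filters;

public class TokenAuthenticationFilter : ActionFilterAttribute, IAuthenticationFilter
{
    public void OnAuthentication(AuthenticationContext filterContext)
    {
        // "token" is the first segment of the "{token}/{controller}/{action}/{id}" route.
        string token = Convert.ToString(filterContext.RouteData.Values["token"]);
        // do your authentication stuff; for a wrong or missing token, set
        // filterContext.Result (e.g. new HttpUnauthorizedResult()) to skip the action
    }

    public void OnAuthenticationChallenge(AuthenticationChallengeContext filterContext)
    {
        // MVC calls this on every request, so it must not throw.
        // Leave it empty, or adjust the unauthorized response here.
    }
}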

Filter decorated to controller,

[TokenAuthenticationFilter]
public class HomeController : Controller
{ /* controller actions */ }
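
An added example, not part of the answer above: one way to fill in the "authentication stuff" and the custom unauthorized response the question asks for, in ASP.NET MVC 5. The attribute name, the `ApiTokenSha256` app setting (assumed to hold the hex SHA-256 of the token), the `api-client` identity and the JSON error body are all assumptions made for illustration.

```csharp
using System;
using System.Configuration;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
using System.Web.Mvc;
using System.Web.Mvc.Filters;

public class UrlTokenAuthenticationAttribute : FilterAttribute, IAuthenticationFilter
{
    public void OnAuthentication(AuthenticationContext filterContext)
    {
        // Route segment from the "{token}/{controller}/{action}/{id}" template.
        string supplied = Convert.ToString(filterContext.RouteData.Values["token"]);
        // Hypothetical setting: only the hash of the token is kept in configuration.
        string expectedHex = ConfigurationManager.AppSettings["ApiTokenSha256"];
        if (string.IsNullOrEmpty(expectedHex) || !Matches(supplied, expectedHex))
            filterContext.Result = new JsonUnauthorizedResult {
                Data = new { error = "invalid or missing token" },
                JsonRequestBehavior = JsonRequestBehavior.AllowGet };
        else
            filterContext.Principal = new GenericPrincipal(
                new GenericIdentity("api-client", "UrlToken"), new string[0]);
    }

    // Invoked on every request, so it must return normally.
    public void OnAuthenticationChallenge(AuthenticationChallengeContext filterContext) { }

    // Hash the supplied token, then compare hex digests without an early exit.
    private static bool Matches(string supplied, string expectedHex)
    {
        byte[] hash;
        using (var sha = SHA256.Create())
            hash = sha.ComputeHash(Encoding.UTF8.GetBytes(supplied ?? string.Empty));
        string actualHex = BitConverter.ToString(hash).Replace("-", "");
        if (actualHex.Length != expectedHex.Length) return false;
        int diff = 0;
        for (int i = 0; i < actualHex.Length; i++)
            diff |= char.ToUpperInvariant(expectedHex[i]) ^ actualHex[i];
        return diff == 0;
    }
}

// JSON body with a 401 status instead of the default IIS error page.
public class JsonUnauthorizedResult : JsonResult
{
    public override void ExecuteResult(ControllerContext context)
    {
        context.HttpContext.Response.StatusCode = 401;
        context.HttpContext.Response.TrySkipIisCustomErrors = true;
        base.ExecuteResult(context);
    }
}
```

Because the token is part of the request path, it is recorded wherever the URL is recorded, such as IIS request logs, so those logs need the same protection as the token.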

0

If you want to use any built-in authorization plugin which makes use of HTTP headers to transfer the token, you can actually read the token from the URL and transfer it to the proper header using an OWIN service, so that the operation is transparent to the AuthorizationFilter.

Example of moving the token from the query string to the header:

public void ConfigureAuth(IAppBuilder app)
{
    // Register this before the bearer-token middleware so it sees the header.
    app.Use(async (context, next) =>
    {
        if (context.Request.QueryString.HasValue)
        {
            // Only fill in the header when the client did not send one.
            if (string.IsNullOrWhiteSpace(context.Request.Headers.Get("Authorization")))
            {
                // Token is taken from the "auth" query-string parameter.
                string token = context.Request.Query.Get("auth");

                if (!string.IsNullOrWhiteSpace(token))
                {
                    context.Request.Headers.Add("Authorization", new[] { string.Format("Bearer {0}", token) });
                }
            }
        }

        await next.Invoke();
    });
    // rest of the method
}
