
I have inherited an existing application. This application uses ASP.NET MVC 3. It has some APIs. Those APIs look like the following:

[AcceptVerbs(HttpVerbs.Post)]
[Endpoint]
public ActionResult AuthenticatePlayer(string username, string password)
{
  // Ensure that the user entered valid credentials
  if (Membership.ValidateUser(username, password) == false)
    return Json(new { statusCode = StatusCodes.INVALID_CREDENTIALS, message = "You entered an invalid username or password. Please try again." });

  // Get the profile of the person that just logged in.
  ProfileCommon userProfile = (ProfileCommon)(ProfileCommon.Create(username));
  if (userProfile != null)
  {
    // Prefer the profile's first name over the raw username for display
    string name = username;
    if (String.IsNullOrEmpty(userProfile.FirstName) == false)
      name = userProfile.FirstName;

    return Json(new {
      statusCode = StatusCodes.SUCCESS,
      payload = name,
      username = username.ToLower(),
    });
  }

  // Profile could not be loaded. Without this return the method does not
  // compile, because not all code paths return a value.
  return Json(new { statusCode = StatusCodes.INVALID_CREDENTIALS, message = "No profile could be loaded for this user." });
}

[AcceptVerbs(HttpVerbs.Get)]
[Endpoint]
public ActionResult SomeUserAction(string q)
{
  // TODO: Ensure the user is authorized to perform this action via a token

  // Do something
  return Json(new { original = q, response = DateTime.UtcNow.Millisecond }, JsonRequestBehavior.AllowGet);
}

I'm trying to figure out how to integrate a token-based authorization schema into this process. From my understanding, a token-based system would return a short-lived token and a refresh token to a user if they successfully log in. Then, each method can check to see if a user is authorized to perform the action by looking at the token. I'm trying to learn if this is built into ASP.NET MVC or if there is a library I can use. I need to figure out the shortest way to get this done.

Thank you so much!
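As an added example (not code from the question, nor from any library mentioned on this page), here is one way to do what the question describes in ASP.NET MVC 3 with nothing beyond the framework and the BCL: the login action issues a short-lived, HMAC-SHA256-signed access token, and an AuthorizeAttribute subclass checks it on every protected action. The names AccessToken, TokenAuthorizeAttribute, the appSettings key "TokenSigningKey" and the HttpContext.Items key "TokenUsername" are all assumptions made for this example. It covers only the short-lived access token; a refresh token would be a separate long random value stored server-side against the user and exchanged for a new access token, which is omitted here.

```csharp
using System;
using System.Configuration;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Mvc;

// Added example: a minimal signed, expiring access token for ASP.NET MVC 3.
// Token format: base64url(username|expiresUtcTicks) + "." + base64url(HMAC-SHA256)
public static class AccessToken
{
    // Assumption: a random key of at least 32 bytes, base64-encoded, stored in
    // web.config under the hypothetical appSettings key "TokenSigningKey".
    // Every server that validates tokens must share the same key.
    private static readonly byte[] SigningKey =
        Convert.FromBase64String(ConfigurationManager.AppSettings["TokenSigningKey"]);

    // Issue a token that is valid for `lifetime` from now.
    public static string Issue(string username, TimeSpan lifetime)
    {
        long expires = DateTime.UtcNow.Add(lifetime).Ticks;
        string payload = username + "|" + expires.ToString(CultureInfo.InvariantCulture);
        return Base64Url(Encoding.UTF8.GetBytes(payload)) + "." + Base64Url(Sign(payload));
    }

    // Returns true only if the signature is valid and the token has not expired.
    public static bool TryValidate(string token, out string username)
    {
        username = null;
        if (string.IsNullOrEmpty(token)) return false;
        string[] parts = token.Split('.');
        if (parts.Length != 2) return false;

        byte[] payloadBytes, signature;
        try
        {
            payloadBytes = FromBase64Url(parts[0]);
            signature = FromBase64Url(parts[1]);
        }
        catch (FormatException) { return false; }

        // Verify the signature before trusting anything inside the payload.
        string payload = Encoding.UTF8.GetString(payloadBytes);
        if (!FixedTimeEquals(Sign(payload), signature)) return false;

        int sep = payload.LastIndexOf('|');
        long expires;
        if (sep < 1 || !long.TryParse(payload.Substring(sep + 1), NumberStyles.None,
                                      CultureInfo.InvariantCulture, out expires))
            return false;
        if (DateTime.UtcNow.Ticks >= expires) return false;

        username = payload.Substring(0, sep);
        return true;
    }

    private static byte[] Sign(string payload)
    {
        using (var hmac = new HMACSHA256(SigningKey))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }

    // Compare every byte so timing does not reveal how much of a forged signature matched.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    private static string Base64Url(byte[] data)
    {
        return Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    private static byte[] FromBase64Url(string s)
    {
        string b64 = s.Replace('-', '+').Replace('_', '/');
        switch (b64.Length % 4)
        {
            case 2: b64 += "=="; break;
            case 3: b64 += "="; break;
        }
        return Convert.FromBase64String(b64); // throws FormatException on bad input
    }
}

// Decorate any action that requires a valid token with [TokenAuthorize].
public class TokenAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        string header = httpContext.Request.Headers["Authorization"];
        if (string.IsNullOrEmpty(header) || !header.StartsWith("Bearer ", StringComparison.Ordinal))
            return false;

        string username;
        if (!AccessToken.TryValidate(header.Substring("Bearer ".Length), out username))
            return false;

        // Expose the authenticated username to the action (assumed key name).
        httpContext.Items["TokenUsername"] = username;
        return true;
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Respond with 401 instead of running the action.
        filterContext.Result = new HttpUnauthorizedResult();
    }
}
```

To wire this into the question's controller: in AuthenticatePlayer, add `accessToken = AccessToken.Issue(username, TimeSpan.FromMinutes(15))` to the success JSON; replace the TODO in SomeUserAction with `[TokenAuthorize]` on the action and read `HttpContext.Items["TokenUsername"]` inside it. Two things to check in a real deployment: the token is as good as the password for its lifetime, so the endpoints must be served over HTTPS only; and if the site also has forms authentication enabled, FormsAuthenticationModule turns the 401 into a 302 redirect to the login page, which a JSON client will not expect, so either disable that module for the API paths or return a JSON error body from HandleUnauthorizedRequest instead.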

2 Answers

I built a WebAPI Token Authentication library a year ago, providing token-based authentication:

WebAPI Token Auth Bootstrap is out of the box Token based User Auth for WebAPI applications, Provides ready to use 'TokenAuthorize' Attribute and 'TokenAuthApiController' Controller.

Among its features - Token Based User Authentication User Property inside the TokenAuthApiController (Id, Username, Role, LastAccess).

Token Based User Authorization TokenAuthorizeAttribute with Access Level - Public, User, Admin or Anonymous.

Built-in Functionality Login(), Logoff(), Error(), Unauthorized() Responses with various overloads.

You can read more about it here and in its own wiki on GitHub.

Nowadays I am working on a Node.js application and I am using JSON Web Tokens (JWT) via a Node.js library, and it is very easy and straightforward... it's Node.js after all ;)

I saw there is a .NET implementation of JWT explained in this article, which I recommend you look at.

1 Comment

Apologies for asking a question on token-based auth. I have seen people choose token-based auth for Web API projects but hardly ever go for this approach when they develop a web site with MVC. So can you tell me why token-based auth is the right solution for Web API, because people can use forms auth in Web API too. Thanks

You can use OWIN, i.e. Microsoft.Owin.Security.

I haven't tried this implementation but this is just to give you an idea:

// Build a claims identity for the user that has just authenticated
var identity = new ClaimsIdentity(Startup.OAuthBearerOptions.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, username));

// Wrap it in an authentication ticket with a 30-minute lifetime
var ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
var currentUtc = new SystemClock().UtcNow;
ticket.Properties.IssuedUtc = currentUtc;
ticket.Properties.ExpiresUtc = currentUtc.Add(TimeSpan.FromMinutes(30));

// The client then sends the protected ticket back on each request as:
//   Authorization: Bearer <accessToken>
// (e.g. with HttpClient: DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);)

return Json(new {
    statusCode = StatusCodes.SUCCESS,
    payload = name,
    username = username.ToLower(),
    accessToken = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket)
});
