I have a .NET MVC project and a WEB API . I want to call the WEB API controllers from javascript, but I have not found a way to send a token to my views. I want to add a bearer token in Viewbag using the following code:
protected override void OnActionExecuting(ActionExecutingContext filterContext) {
In _Layout.cshtml I added the following code to set the Authorization header for all ajax requests:
<script type="text/javascript"> window.token = '@Viewbag.BearerToken'; // Add Authorization header on ajax requests if(window.token) { (function setAjaxRequestsAuthorizationHeader(token) { $.ajaxPrefilter(function onAjaxPrefilter(options) { if (!options.beforeSend) { options.beforeSend = function onBeforeSend(xhr) { xhr.setRequestHeader('Authorization', 'Bearer ' + token); } } }); }(window.token)); window.token = null; } </script>
Below is my way to configure Startup:
public void ConfigureAuth(IAppBuilder app) { // Configure the db context, user manager and signin manager to use a single instance per request //app.CreatePerOwinContext(ApplicationDbContext.Create); app.CreatePerOwinContext(AppDbContext.Create); app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create); app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create); // Enable the application to use a cookie to store information for the signed in user // and to use a cookie to temporarily store information about a user logging in with a third party login provider // Configure the sign in cookie app.UseCookieAuthentication(new CookieAuthenticationOptions { AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie, LoginPath = new PathString("/Account/Login"), Provider = new CookieAuthenticationProvider { // Enables the application to validate the security stamp when the user logs in. // This is a security feature which is used when you change a password or add an external login to your account. OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, User, int>( validateInterval: TimeSpan.FromMinutes(30), regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager), getUserIdCallback: id => id.GetUserId<int>()) } }); app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie); PublicClientId = "self"; OAuthOptions = new OAuthAuthorizationServerOptions { TokenEndpointPath = new PathString("/Token"), Provider = new ApplicationOAuthProvider(PublicClientId), AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"), AccessTokenExpireTimeSpan = TimeSpan.FromDays(14), // In production mode set AllowInsecureHttp = false AllowInsecureHttp = true }; // Enable the application to use bearer tokens to authenticate users app.UseOAuthBearerTokens(OAuthOptions); // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process. app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5)); app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie); }
To get token , I also tried (in MVC controller methods):
var token = new ClaimsPrincipal(User.Identity).Claims.FirstOrDefault(x => x.Type == "access_token")?.Value;
But the value of the variable token is always null.
I also checked all requirements values, but I did not find any possible tokens.
How to send token to controller views ?
solvable
I solved the problem by following these steps:
In Startup.Auth.cs I added the following static property:
public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }
I created an extension method for the ApplicationUser class:
public static async Task<ClaimsIdentity> GenerateUserIdentityAsync(this ApplicationUser user, UserManager<ApplicationUser, int> manager, string type) { // Note the authenticationType must match the one defined in CookieAuthenticationOptions.AuthenticationType var userIdentity = await manager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie); // Genereate Bearer token if (manager is ApplicationUserManager && type == DefaultAuthenticationTypes.ApplicationCookie) { var accessTokenFormat = Startup.OAuthOptions.AccessTokenFormat; if (accessTokenFormat != null) { IDictionary<string, string> data = new Dictionary<string, string> { ["userName"] = user.UserName }; AuthenticationProperties properties = new AuthenticationProperties(data); AuthenticationTicket ticket = new AuthenticationTicket(userIdentity, properties); var token = accessTokenFormat.Protect(ticket); userIdentity.AddClaim(new Claim("Access_Token", token)); } } return userIdentity; }
I changed the OnActionExecuting method to send the token to the client:
protected override void OnActionExecuting(ActionExecutingContext filterContext) { if (Request.IsAuthenticated) { var identity = (ClaimsIdentity)User.Identity; ViewBag.BearerToken = identity.Claims.FirstOrDefault(x => x.Type == "Access_Token")?.Value; } }
In Startup.Auth.cs use the extension method created in step 2 when creating the Identity :
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser, int>( validateInterval: TimeSpan.FromMinutes(30), regenerateIdentityCallback: (manager, user) => user.GenerateUserIdentityAsync(manager, DefaultAuthenticationTypes.ApplicationCookie), getUserIdCallback: id => id.GetUserId<int>())