I created a RESTful Web API for my (Android) mobile application, and now I'm trying to secure access to the API. I read about this topic for about a week, and I got the whole spectrum - from those who say that it is impossible to protect a RESTful API to those who say that HTTPS (SSL) is enough.
Here I do not want to start a discussion about this. I installed OAuth or OAuth2, it doesn’t matter (as far as I read, OAuth seems to be the best choice, but in Microsoft tutorials they use OAuth 2, so I'm very confused), and yes, I know that they are completely different, but I'm so upset finding that I agree (I must admit that I convinced it a lot easier). As I said, I searched for about a week, and all I have is concepts (many of them). You send some data - a magic start - usually a username / password for the server, your data is processed, and you get the token back - the magic stops. There are many questions on SO on this topic, but most of the answers are not accurate (and, unfortunately, unusual). For example, I got this "How to protect WEB API", good answers, but they don’t actually use them, or this "Embed Web API with OAuth and a one-page application". I also got examples from Microsoft tutorials, but there is a lot of overhead in the code, and the part about OAuth is not entirely clear (which is sad, because the whole example should be about OAuth). I could post a lot of links that claim to talk about this topic, but they really don't help.
What I'm looking for is a simple, very simple example of an ASP.NET OAuth (2) implementation. It would be great if I could just use it with Fiddler, specify the username / password in the header, and with grant_type: xxx get the token back (a valid username / password can be hardcoded inside the project, so there is no need to implement the infrastructure Entity or any database on the backend). And it would be great if someone could explain to me how to use this token to authorize the user (I realized that I need to provide the Controller functions with the [Authorize] attribute, but how and where is this token check done?). But please don’t post any theory about OAuth, I don’t need it; here I am looking for the actual implementation of OAuth inside ASP.NET Web API.
Thanks
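The flow the question describes (send a username / password with a grant_type, get a token back, have [Authorize] check it), as an added example that is not part of the original post. It assumes the OWIN/Katana packages Microsoft.Owin.Security.OAuth, Microsoft.AspNet.WebApi.Owin and Microsoft.Owin.Host.SystemWeb; `DemoOAuthProvider`, the `/token` path, the `api/values` route and the hardcoded credentials are constructed for illustration.

```csharp
// Added example: OAuth 2 resource owner password grant on OWIN/Katana with hardcoded demo credentials.
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;

public class DemoOAuthProvider : OAuthAuthorizationServerProvider
{
    // A mobile app is a public client with no client secret to verify, so accept the request.
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    { context.Validated(); return Task.FromResult(0); }
    // Called for grant_type=password. The constructed credentials stand in for a real user store.
    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        if (context.UserName != "demo" || context.Password != "demo-password")
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return Task.FromResult(0);
        }
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        context.Validated(identity); // the middleware protects this identity into the access token
        return Task.FromResult(0);
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/token"),
            AllowInsecureHttp = false, // token requests are only served over HTTPS
            Provider = new DemoOAuthProvider()
        });
        // The token check: reads "Authorization: Bearer <token>", unprotects it, sets the request principal.
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
        var config = new HttpConfiguration();
        config.MapHttpAttributeRoutes();
        app.UseWebApi(config);
    }
}

public class ValuesController : ApiController
{
    [Authorize, Route("api/values")] // 401 unless the bearer middleware authenticated the request
    public string Get() { return "Hello, " + User.Identity.Name; }
}
```

With the password grant the credentials travel in the form-encoded body of a POST to `/token` (`grant_type=password&username=...&password=...`), not in a header; the `access_token` from the JSON response is then sent as `Authorization: Bearer <token>` on each API call.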