All geek questions in one place

How to get authorization code with OWIN, OAuth and web API?

I followed this post: Token-based authentication using ASP.NET Web API 2, Owin, and Identity . Now I have a standalone "server" web API that can successfully authenticate users and returns an access token when I send it a username / password. Then I can use the access token to access the protected data (in the blog post I can access the Order).

At the moment, the client from whom I sent the username / password to get the access token is a console application.

I want to add a little more complicated, and before I get an access token, I would like to get an authorization code. But I can not find any example on how to do this. From what I read, I have to send a GET request, structured as follows:

/ authorization response_type = code &? Client_id = <ClientID>

This is what I am doing from my console application:

using (var client = new HttpClient())
{
    var response = await client.GetAsync("http://localhost:63828/authorize?response_type=code&client_id=" + Guid.NewGuid());

    var responseString = response.Content.ReadAsStringAsync().Result;
}

But I get an error message:

Resource is not found.

[HttpException]: '/authorize' IController.     System.Web.Mvc.DefaultControllerFactory.GetControllerInstance(RequestContext requestContext, Type controllerType)     System.Web.Mvc.DefaultControllerFactory.CreateController(RequestContext requestContext, String controllerName)     System.Web.Mvc.MvcHandler.ProcessRequestInit(HttpContextBase httpContext, IController & controller, IControllerFactory & factory)     System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContextBase httpContext, AsyncCallback, )     System.Web.Mvc.MvcHandler.BeginProcessRequest(HttpContext httpContext, AsyncCallback, )     System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.BeginProcessRequest( HttpContext, AsyncCallback cb, extraData)     System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()     System.Web.HttpApplication.ExecuteStep( IExecutionStep, )

Startup.cs Web API:

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        HttpConfiguration config = new HttpConfiguration();

        ConfigureOAuth(app);

        WebApiConfig.Register(config);
        app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
        app.UseWebApi(config);
    }

    public void ConfigureOAuth(IAppBuilder app)
    {
        OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
        {
            AllowInsecureHttp = true,
            TokenEndpointPath = new PathString("/token"),
            AuthorizeEndpointPath = new PathString("/authorize"),
            ApplicationCanDisplayErrors = true,
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
            Provider = new SimpleAuthorizationServerProvider()
        };

        // Token Generation
        app.UseOAuthAuthorizationServer(OAuthServerOptions);
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }
}

, , , "/authorize", ... "/" , .

, ?

+4
1

, OAuth2, , , : / (, MVC Nancy) OAuthAuthorizationServerProvider.AuthorizationEndpoint.

, , MVC- .

+2

Source: https://habr.com/ru/post/1622284/

More articles:


All Articles