Sign in from Universal App to Web Api using Live Id

I am trying to implement the following functions:

  • The user signs in to the Live Id account from the Windows Phone 8.1 (or Universal) application.
  • The app accesses a Web Api that I am developing using ASP.NET Web Api 2.
  • In this web api, I need to authenticate the user.
  • Later I want to authenticate the same user in a web application.

Here is what I am doing and it is not working.

In my Windows Phone app:

    var authClient = new LiveAuthClient("http://myservice.cloudapp.net");
    LiveLoginResult result = await authClient.LoginAsync(new string[] { "wl.signin" });
    if (result.Status == LiveConnectSessionStatus.Connected)
    {
        connected = true;
        var identity = await ConnectToApi(result.Session.AuthenticationToken);
        Debug.WriteLine(identity);
    }

And then:

    private async Task<string> ConnectToApi(string token)
    {
        using (var client = new HttpClient())
        {
            client.BaseAddress = new Uri("http://myservice.cloudapp.net/");
            client.DefaultRequestHeaders.Accept.Clear();
            client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
            client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);

            // HTTP GET
            HttpResponseMessage response = await client.GetAsync("api/values");
            if (response.IsSuccessStatusCode)
            {
                string result = await response.Content.ReadAsStringAsync();
                return result;
            }
            else
                return response.ReasonPhrase;
        }
    }

And then in my web api I have the following:

    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseMicrosoftAccountAuthentication(
            clientId: "my client id",
            clientSecret: "my secret");
    }

I registered http://myservice.cloudapp.net as a redirect URL.

The problem is that authentication does not work; the web api actions do not recognize the user.

1 answer

I realized that this is absolutely wrong. First, I really need to use the app.UseJwtBearerAuthentication method. An example was found here: http://code.lawrab.com/2014/01/securing-webapi-with-live-id.html. But when I tried it, I got this error in the output:

IDX10500: Signature validation failed. Unable to resolve SecurityKeyIdentifier: 'SecurityKeyIdentifier ( IsReadOnly = False, Count = 1, Clause[0] = System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause )

It took me a while until I found this post: JwtSecurityTokenHandler 4.0.0 Breaking changes?

Combining these things, I got a solution that now works in my test environment:

    public void ConfigureAuth(IAppBuilder app)
    {
        // The signing key is derived as SHA-256 over (client secret + "JWTSig").
        var sha256 = new SHA256Managed();
        var sKey = "<Secret key>" + "JWTSig";
        var secretBytes = new UTF8Encoding(true, true).GetBytes(sKey);
        var signingKey = sha256.ComputeHash(secretBytes);
        var securityKeyProvider = new SymmetricKeyIssuerSecurityTokenProvider("urn:windows:liveid", signingKey);
        var securityKey = securityKeyProvider.SecurityTokens.First().SecurityKeys.First();

        var jwtOptions = new JwtBearerAuthenticationOptions()
        {
            //AllowedAudiences = new[] { "<url>" },
            //IssuerSecurityTokenProviders = new[]
            //{
            //    new SymmetricKeyIssuerSecurityTokenProvider("urn:windows:liveid",signingKey)
            //},
            TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters()
            {
                // Always hand back the derived symmetric key instead of resolving it by key identifier.
                IssuerSigningKeyResolver = (token, securityToken, keyIdentifier, validationParameters) =>
                {
                    return securityKey;
                },
                ValidAudience = "<url>",
                ValidIssuer = securityKeyProvider.Issuer
            }
        };
        app.UseJwtBearerAuthentication(jwtOptions);
    }
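The checks that the working configuration in the answer delegates to the JWT middleware, written out by hand as an added example (not code from the original post or from the OWIN libraries). It assumes the Live ID token is an HS256-signed JWT and a .NET Framework project referencing System.Web.Extensions; the secret, audience and token are constructed sample values, and LiveIdTokenCheck and its methods are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Web.Script.Serialization; // assumption: System.Web.Extensions is referenced
static class LiveIdTokenCheck // hypothetical helper, not part of any library
{
    // Key derivation from the answer: SHA-256 over UTF-8(client secret + "JWTSig").
    static byte[] DeriveKey(string secret) { using (var sha = SHA256.Create()) return sha.ComputeHash(Encoding.UTF8.GetBytes(secret + "JWTSig")); }
    static string B64Url(byte[] b) { return Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_'); }
    static byte[] FromB64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s + new string('=', (4 - s.Length % 4) % 4));
    }
    static byte[] Sign(string input, string secret) { using (var h = new HMACSHA256(DeriveKey(secret))) return h.ComputeHash(Encoding.ASCII.GetBytes(input)); }
    // Returns null when the token is accepted, otherwise the reason for rejecting it.
    public static string Validate(string jwt, string secret, string audience, long nowUnix)
    {
        try
        {
            var p = jwt.Split('.');
            if (p.Length != 3) return "malformed";
            var js = new JavaScriptSerializer();
            var header = js.Deserialize<Dictionary<string, object>>(Encoding.UTF8.GetString(FromB64Url(p[0])));
            if (!"HS256".Equals(header["alg"])) return "unexpected alg"; // pin the algorithm; do not let the header choose it
            byte[] want = Sign(p[0] + "." + p[1], secret), got = FromB64Url(p[2]);
            int diff = want.Length ^ got.Length;                         // constant-time comparison
            for (int i = 0; i < want.Length && i < got.Length; i++) diff |= want[i] ^ got[i];
            if (diff != 0) return "bad signature";
            var c = js.Deserialize<Dictionary<string, object>>(Encoding.UTF8.GetString(FromB64Url(p[1])));
            if (!"urn:windows:liveid".Equals(c["iss"])) return "wrong issuer";
            if (!audience.Equals(c["aud"])) return "wrong audience";
            if (Convert.ToInt64(c["exp"]) <= nowUnix) return "expired";
            return null;
        }
        catch (Exception) { return "malformed"; } // bad base64 or JSON, or a missing claim
    }
    static void Main()
    {
        const string secret = "constructed-client-secret", aud = "myservice.example"; // constructed sample values
        string body = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}")) + "." +
                      B64Url(Encoding.UTF8.GetBytes("{\"iss\":\"urn:windows:liveid\",\"aud\":\"" + aud + "\",\"exp\":2000000000}"));
        string token = body + "." + B64Url(Sign(body, secret));              // constructed token, signed locally
        Console.WriteLine(Validate(token, secret, aud, 1700000000) ?? "accepted");
        Console.WriteLine(Validate(token, "other-secret", aud, 1700000000) ?? "accepted");
        Console.WriteLine(Validate(token, secret, aud, 2000000001) ?? "accepted");
    }
}
```

Checking a captured token this way separates a wrong client secret (signature mismatch) from a wrong audience or issuer setting, which the middleware would otherwise report only as a failed validation.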

Source: https://habr.com/ru/post/974190/

