This is an ASP.NET web application showing how to secure an ASP.NET Web API using token-based authentication and two-step login verification, without using ASP.NET Identity.
EmployeesDB, which contains two tables: one for the system users and one for the employees (the secured data).
Note: Don't save passwords as plain text in real applications; they are stored that way here only for simplicity.
A secured service to verify logged-in users, and another service to fetch employee data on request.
Three HTML pages: a Login page for the first step, where the user gets a token to be used in the second step on the Verify page. After being verified, the user gets a new token that allows exploring the site and fetching the employees on the Index page.
Note: In real applications, don't send sensitive data in HTTP requests/responses without encrypting it or using SSL.
To define the required application and server configuration, such as the database connection string.
Note: In real applications, you should store the connection string and any sensitive data securely, as described in Connection Strings and Configuration Files.
- Using Visual Studio 2015, create an empty Web API project:
  File menu > New > Project > ASP.NET Web Application > enter application name & project location > OK > Empty template & Web API checkbox ticked > OK
- Install the NuGet packages needed to implement token-based authentication:
  - Microsoft.Owin.Host.SystemWeb
  - Microsoft.Owin.Security.OAuth
  - Microsoft.Owin.Cors
  To open NuGet: Go to Solution Explorer > Right-click on References > Manage NuGet Packages > Search for these three packages
- Add a database with a Users table and an Employees table to be used in the test.
- Add a class representing the OAuth provider that validates the user credentials and generates the token (i.e. Provider/ApplicationOAuthProvider.cs).
  Go to Solution Explorer > Right-click on the Project Name > Add > New Item > Select Class & enter its name > Add
- Add an OWIN Startup class to the root of the project. In this class we configure the OAuth authorization server, and it is run once our server starts.
  Go to Solution Explorer > Right-click on Project Name > Add > New Item > Select OWIN Startup class > Enter class name > Add
- Add the client pages that represent the flow of the login process, as illustrated by the package files: Login.html > Verify.html > Index.html, where I used jQuery for sending AJAX requests and populating the pages with the incoming data.
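As an added example (not the project's own code), the following shows an ApplicationOAuthProvider that issues the step-1 token and a Verify controller that exchanges a correct verification code for the second, full token, so that the Employees service can require the second token only. It assumes the OWIN Startup class exposes its OAuthAuthorizationServerOptions as a static Startup.OAuthOptions property, and UserStore.CheckPassword / UserStore.CheckVerificationCode are hypothetical helpers standing in for lookups against the Users table.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OAuth;

// Step 1: the /token endpoint checks user name + password and issues a token that is
// only good for the Verify endpoint (marked with the "PendingVerification" role claim).
public class ApplicationOAuthProvider : OAuthAuthorizationServerProvider
{
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    { context.Validated(); return Task.FromResult<object>(null); } // our own pages, no client secret

    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        // UserStore.CheckPassword is a hypothetical helper: compare against a stored hash, never plain text.
        if (!UserStore.CheckPassword(context.UserName, context.Password))
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return Task.FromResult<object>(null);
        }
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        identity.AddClaim(new Claim(ClaimTypes.Role, "PendingVerification")); // not yet a full login
        context.Validated(identity);
        return Task.FromResult<object>(null);
    }
}

// Step 2: only a step-1 token can reach Verify; a correct code yields the full token.
[Authorize(Roles = "PendingVerification")]
public class VerifyController : ApiController
{
    [HttpPost]
    public IHttpActionResult Post([FromBody] string code)
    {
        // UserStore.CheckVerificationCode is a hypothetical helper checking the one-time code.
        if (!UserStore.CheckVerificationCode(User.Identity.Name, code)) return Unauthorized();
        var identity = new ClaimsIdentity(Startup.OAuthOptions.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, User.Identity.Name));
        identity.AddClaim(new Claim(ClaimTypes.Role, "Verified")); // Employees API: [Authorize(Roles = "Verified")]
        var ticket = new AuthenticationTicket(identity,
            new AuthenticationProperties { IssuedUtc = DateTime.UtcNow, ExpiresUtc = DateTime.UtcNow.AddHours(1) });
        // Same token format the OWIN middleware uses, so the bearer middleware accepts it on later requests.
        return Ok(new { access_token = Startup.OAuthOptions.AccessTokenFormat.Protect(ticket) });
    }
}
```

Keep AccessTokenExpireTimeSpan in Startup short, since it bounds the step-1 token, and leave AllowInsecureHttp false so both tokens travel over SSL only.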