
Securing ASP.NET Web API using Token Based Authentication through 2 step without using ASP.net Identity


jay92b/2StepLoginVerification

 
 


2 Step login verification application

An ASP.NET web application showing how to secure an ASP.NET Web API using token-based authentication and 2-step login verification without using ASP.NET Identity.

Project anatomy

Database

EmployeesDB, which contains two tables: one for the system users and one for the employees (some secured data).

Note: Don't save passwords as plain text in real applications; it is done in this example only for simplicity.

Web API

A secured service to verify logged-in users, and another service to fetch employee data upon user request.

Frontend

Three HTML pages: a Login page for the 1st step, where the user gets a token to be used in the 2nd step on the Verify page. After being verified, the user gets a new token to be able to explore the site and get the employees on the Index page.

Note: In real applications, don't send sensitive data in HTTP requests or responses without encryption or SSL.

web.config

Defines the required application and server configuration, such as the database connection string.

Note: In real applications, you should store the connection string and any sensitive data securely, as described in Connection Strings and Configuration Files

OWIN Start Up class

Basic Steps to build the application

  • Using Visual Studio 2015, create an empty Web API project

    File menu > New > Project > ASP.NET web application > enter application name & project location > OK > Empty template & Web API checkbox ticked > OK
    
  • Install the needed NuGet Packages responsible for implementing token based authentication:

    • Microsoft.Owin.Host.SystemWeb
    • Microsoft.Owin.Security.OAuth
    • Microsoft.Owin.Cors
    To open NuGet: Go to Solution Explorer > Right Click on References > Manage NuGet packages > Search for these three packages
    
  • Add a database with a Users table and an Employees table to be used in the test

  • Add a class to represent the OAuth provider that validates the user credentials and generates the token (i.e. Provider/ApplicationOAuthProvider.cs)

    Go to solution explorer > Right click on the Project Name > Add > New Item > Select Class & enter its name > Add
    
  • Add OWIN Start Up class to the root of the project. In this class we can configure OAuth Authorization Server, and it will be fired once our server starts

    Go to Solution Explorer > Right Click on Project Name > Add > New Item > Select OWIN Startup class > Enter class name > Add
    
  • Add the client pages that represent the flow of the login process, as illustrated by the package files: Login.html > Verify.html > Index.html, where I used jQuery for sending AJAX requests and populating the pages with the returned data
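
The two-token flow above only protects the employees service if a step-1 token is rejected there. One way to enforce that, as an added example (not code from this repository): the OAuth provider stamps the step-1 token with a stage claim, and a Web API authorization attribute admits only tokens marked as verified. The claim name `auth_stage`, the class names and the injected `checkUser` delegate are assumptions, and the Verify step is assumed to issue its new token with the stage set to `verified`.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Http;
using System.Web.Http.Controllers;
using Microsoft.Owin.Security.OAuth;

// Hypothetical claim type and values; not taken from the repository.
public static class AuthStage
{
    public const string ClaimType = "auth_stage";
    public const string Step1 = "step1";       // password accepted, 2nd step pending
    public const string Verified = "verified"; // 2nd step completed
}

public class Step1OAuthProvider : OAuthAuthorizationServerProvider
{
    // Assumed delegate that checks the credentials against the Users table.
    private readonly Func<string, string, bool> _checkUser;
    public Step1OAuthProvider(Func<string, string, bool> checkUser) { _checkUser = checkUser; }

    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated(); // the HTML front end is a public client with no client secret
        return Task.FromResult(0);
    }

    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        if (!_checkUser(context.UserName, context.Password))
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return Task.FromResult(0);
        }
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        identity.AddClaim(new Claim(AuthStage.ClaimType, AuthStage.Step1)); // limits what this token can do
        context.Validated(identity);
        return Task.FromResult(0);
    }
}

// Put on the employees controller: a step-1 token is authenticated but not authorized.
public class RequireVerifiedAttribute : AuthorizeAttribute
{
    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        var principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
        return base.IsAuthorized(actionContext) && principal != null
            && principal.HasClaim(AuthStage.ClaimType, AuthStage.Verified);
    }
}
```

With a plain `[Authorize]` on the employees controller, any valid bearer token would pass, including the one issued after the password step alone.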
