public void Configuration(IAppBuilder app)
{
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=316888
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new Microsoft.Owin.Security.Cookies.CookieAuthenticationOptions
{
AuthenticationType = Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
LogoutPath = new PathString("/Account/LogOff"),
ExpireTimeSpan = TimeSpan.FromMinutes(5.0),
});
app.UseExternalSignInCookie(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ExternalCookie);
//https://docs.microsoft.com/en-us/previous-versions/aspnet/dn308223(v=vs.113)?redirectedfrom=MSDN
// Configure the application for OAuth based flow
PublicClientId = "self";
OAuthOptions = new Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"), // This is the path which will be called in order to authorize the user credentials and in return it will return the generated access token.
Provider = new helper.AppOAuthProvider(PublicClientId), // This Class should be implemented and it will verify the user credential and create identity claims in order to return the generated access token.
AuthorizeEndpointPath = new PathString("/Account/ExternalLogin"), // This path can be updated to external logins to get user consent that is required to generate access token.
AccessTokenExpireTimeSpan = TimeSpan.FromHours(4), // This is the time period during which the access token is accessible. The shorter time span is recommended for sensitive API(s).
AllowInsecureHttp = true //Don't do this in production ONLY FOR DEVELOPING: ALLOW INSECURE HTTP!
};
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);
// Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
app.UseTwoFactorSignInCookie(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));
// Uncomment the following lines to enable logging in with third party login providers
//app.UseMicrosoftAccountAuthentication(
// clientId: "",
// clientSecret: "");
//app.UseTwitterAuthentication(
// consumerKey: "",
// consumerSecret: "");
//app.UseFacebookAuthentication(
// appId: "",
// appSecret: "");
//app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
//{
// ClientId = "",
// ClientSecret = ""
//});
}
public void ConfigureOAuth(IAppBuilder app)
{
Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions OAuthServerOptions = new Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(20),
Provider = new SimpleAuthorizationServerProvider(),
RefreshTokenProvider = new SimpleRefreshTokenProvider()
};
app.UseOAuthAuthorizationServer(OAuthServerOptions);
app.UseOAuthBearerAuthentication(new Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationOptions());
}
public void ConfigureOAuth(IAppBuilder app)
{
var OAuthServerOptions = new Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new Microsoft.Owin.PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30),
Provider = new SimpleAuthorizationServerProvider(),
RefreshTokenProvider = new SimpleRefreshTokenProvider()
};
// Token Generation
app.UseOAuthAuthorizationServer(OAuthServerOptions);
app.UseOAuthBearerAuthentication(new Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationOptions());
}
public void Configuration(IAppBuilder app)
{
var oauthProvider = new Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider
{
OnGrantResourceOwnerCredentials = async context =>
{
if (context.UserName == "rboyina" && context.Password == "welcome@123")
{
var claimsIdentity = new System.Security.Claims.ClaimsIdentity(context.Options.AuthenticationType);
claimsIdentity.AddClaim(new System.Security.Claims.Claim("user", context.UserName));
context.Validated(claimsIdentity);
return;
}
context.Rejected();
},
OnValidateClientAuthentication = async context =>
{
string clientId;
string clientSecret;
if (context.TryGetBasicCredentials(out clientId, out clientSecret))
{
if (clientId == "ravi" && clientSecret == "secretKey")
{
context.Validated();
}
}
}
};
var oauthOptions = new Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions
{
AllowInsecureHttp = true,
TokenEndpointPath = new Microsoft.Owin.PathString("/accesstoken"),
Provider = oauthProvider,
AuthorizationCodeExpireTimeSpan = TimeSpan.FromMinutes(1),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(3),
SystemClock = new Microsoft.Owin.Infrastructure.SystemClock()
};
app.UseOAuthAuthorizationServer(oauthOptions);
app.UseOAuthBearerAuthentication(new Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationOptions());
var config = new System.Web.Http.HttpConfiguration();
config.MapHttpAttributeRoutes();
app.UseWebApi(config);
}
