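/// <summary>
/// OWIN startup entry point. Registers the application sign-in cookie, the external-login
/// and two-factor cookies, and the OAuth authorization server that issues bearer tokens.
/// </summary>
/// <param name="app">The OWIN application builder the middleware is registered on.</param>
public void Configuration(IAppBuilder app)
{
    // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=316888

    // Enable the application to use a cookie to store information for the signed in user
    // and to use a cookie to temporarily store information about a user logging in with a third party login provider.
    // Configure the sign in cookie.
    app.UseCookieAuthentication(new Microsoft.Owin.Security.Cookies.CookieAuthenticationOptions
    {
        AuthenticationType = Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        LogoutPath = new PathString("/Account/LogOff"),
        ExpireTimeSpan = TimeSpan.FromMinutes(5.0),
    });
    app.UseExternalSignInCookie(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ExternalCookie);

    // https://docs.microsoft.com/en-us/previous-versions/aspnet/dn308223(v=vs.113)?redirectedfrom=MSDN
    // Configure the application for OAuth based flow.
    PublicClientId = "self";

    // The token endpoint receives user credentials and returns a bearer token, so serving it
    // over plain HTTP exposes both on the wire. The relaxation is compiled into DEBUG builds
    // only; release builds require HTTPS.
    // NOTE(review): if TLS is terminated by an upstream proxy, the application may see plain
    // HTTP in release builds as well; handle that deliberately rather than by re-enabling this flag.
    bool allowInsecureHttp = false;
#if DEBUG
    allowInsecureHttp = true;
#endif

    OAuthOptions = new Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions
    {
        // Path that is called to submit the user credentials; it returns the generated access token.
        TokenEndpointPath = new PathString("/Token"),

        // This class must be implemented by the application: it verifies the user credentials
        // and creates the identity claims that go into the generated access token.
        Provider = new helper.AppOAuthProvider(PublicClientId),

        // This path can be pointed at the external-login flow to obtain the user consent
        // that is required before an access token is generated.
        AuthorizeEndpointPath = new PathString("/Account/ExternalLogin"),

        // Lifetime of an issued access token. A shorter time span is recommended for sensitive APIs,
        // because a stolen bearer token stays usable until it expires.
        AccessTokenExpireTimeSpan = TimeSpan.FromHours(4),

        AllowInsecureHttp = allowInsecureHttp
    };

    // Enable the application to use bearer tokens to authenticate users.
    app.UseOAuthBearerTokens(OAuthOptions);

    // Enables the application to temporarily store user information when they are verifying
    // the second factor in the two-factor authentication process.
    app.UseTwoFactorSignInCookie(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));

    // Uncomment the following lines to enable logging in with third party login providers.
    // Load the client ids and secrets from protected configuration rather than typing them here.
    //app.UseMicrosoftAccountAuthentication(
    //    clientId: "",
    //    clientSecret: "");

    //app.UseTwitterAuthentication(
    //    consumerKey: "",
    //    consumerSecret: "");

    //app.UseFacebookAuthentication(
    //    appId: "",
    //    appSecret: "");

    //app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
    //{
    //    ClientId = "",
    //    ClientSecret = ""
    //});
}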
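/// <summary>
/// Registers the OAuth authorization server (token endpoint <c>/token</c>, 20-minute access
/// tokens, refresh tokens enabled) and bearer-token authentication on the OWIN pipeline.
/// </summary>
/// <param name="app">The OWIN application builder the middleware is registered on.</param>
public void ConfigureOAuth(IAppBuilder app)
{
    // Credentials and tokens sent to /token over plain HTTP can be read by anyone on the
    // network path, so HTTP is accepted in DEBUG builds only; release builds require HTTPS.
    // NOTE(review): behind a TLS-terminating proxy the application may still see plain HTTP;
    // handle that case deliberately rather than by re-enabling this flag.
    bool allowInsecureHttp = false;
#if DEBUG
    allowInsecureHttp = true;
#endif

    var serverOptions = new Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions
    {
        AllowInsecureHttp = allowInsecureHttp,
        TokenEndpointPath = new PathString("/token"),

        // Short-lived access tokens limit how long a leaked token is useful.
        AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(20),

        // Credential checks live in this provider (defined elsewhere in the project).
        Provider = new SimpleAuthorizationServerProvider(),

        // Refresh tokens outlive access tokens; how they are stored and revoked is decided
        // in this provider (not visible here) and deserves its own review.
        RefreshTokenProvider = new SimpleRefreshTokenProvider()
    };

    app.UseOAuthAuthorizationServer(serverOptions);
    app.UseOAuthBearerAuthentication(new Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationOptions());
}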
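/// <summary>
/// Wires token generation and token validation into the OWIN pipeline: an OAuth authorization
/// server on <c>/token</c> issuing 30-minute access tokens with refresh tokens, followed by
/// bearer-token authentication.
/// </summary>
/// <param name="app">The OWIN application builder the middleware is registered on.</param>
public void ConfigureOAuth(IAppBuilder app)
{
    // The token endpoint carries credentials and bearer tokens. Allowing plain HTTP is a
    // development convenience only, so it is compiled out of release builds.
    // NOTE(review): if HTTPS is terminated upstream, review how the scheme reaches the
    // application before relying on this default.
    bool allowInsecureHttp = false;
#if DEBUG
    allowInsecureHttp = true;
#endif

    var authorizationServerOptions = new Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions
    {
        AllowInsecureHttp = allowInsecureHttp,
        TokenEndpointPath = new Microsoft.Owin.PathString("/token"),

        // A leaked access token stays valid until this window elapses.
        AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30),

        // Both providers are project types defined elsewhere; credential validation and
        // refresh-token persistence/revocation are implemented there.
        Provider = new SimpleAuthorizationServerProvider(),
        RefreshTokenProvider = new SimpleRefreshTokenProvider()
    };

    // Token generation
    app.UseOAuthAuthorizationServer(authorizationServerOptions);

    // Token validation on incoming requests
    app.UseOAuthBearerAuthentication(new Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationOptions());
}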
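/// <summary>
/// OWIN startup entry point for a minimal sample: an in-line OAuth authorization server
/// provider (resource-owner password grant plus HTTP Basic client authentication), bearer-token
/// authentication, and Web API with attribute routing.
/// </summary>
/// <param name="app">The OWIN application builder the middleware is registered on.</param>
public void Configuration(IAppBuilder app)
{
    var oauthProvider = new Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerProvider
    {
        OnGrantResourceOwnerCredentials = async context =>
        {
            // NOTE(review): the user name and password are hard-coded sample values. Anyone
            // with access to the source or the compiled assembly can read them, and they cannot
            // be rotated without a redeploy. Before this leaves a demo, validate against a user
            // store that keeps salted password hashes, and add throttling or lockout for
            // repeated failures.
            if (context.UserName == "rboyina" && context.Password == "welcome@123")
            {
                var claimsIdentity = new System.Security.Claims.ClaimsIdentity(context.Options.AuthenticationType);
                claimsIdentity.AddClaim(new System.Security.Claims.Claim("user", context.UserName));
                context.Validated(claimsIdentity);
                return;
            }

            context.Rejected();
        },

        OnValidateClientAuthentication = async context =>
        {
            string clientId;
            string clientSecret;

            // NOTE(review): the client id and secret are hard-coded as well; move them to
            // protected configuration or a secret store so that they stay out of source control.
            // A request without Basic credentials, or with the wrong ones, is left un-validated
            // here; presumably the middleware then fails client authentication (confirm).
            if (context.TryGetBasicCredentials(out clientId, out clientSecret)
                && clientId == "ravi"
                && clientSecret == "secretKey")
            {
                context.Validated();
            }
        }
    };

    // The password grant sends the user's password to the token endpoint and Basic
    // authentication sends the client secret, so plain HTTP is accepted in DEBUG builds only.
    // NOTE(review): behind a TLS-terminating proxy, check how the request scheme reaches the
    // application before relying on this default.
    bool allowInsecureHttp = false;
#if DEBUG
    allowInsecureHttp = true;
#endif

    var oauthOptions = new Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions
    {
        AllowInsecureHttp = allowInsecureHttp,
        TokenEndpointPath = new Microsoft.Owin.PathString("/accesstoken"),
        Provider = oauthProvider,
        AuthorizationCodeExpireTimeSpan = TimeSpan.FromMinutes(1),
        AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(3),
        SystemClock = new Microsoft.Owin.Infrastructure.SystemClock()
    };

    app.UseOAuthAuthorizationServer(oauthOptions);
    app.UseOAuthBearerAuthentication(new Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationOptions());

    // Web API is registered after the authentication middleware.
    var config = new System.Web.Http.HttpConfiguration();
    config.MapHttpAttributeRoutes();
    app.UseWebApi(config);
}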