Authentication in. NET Web Api

Before introducing this little demo of Webapi, let's just say something about OAuth.

OAuth is an Open license that allows users to authorize third parties to their own resources, so that third parties can access your authorized resources without your account password. For example, some forums directly with QQ account Landing, the public number, etc., are the application of OAuth embodiment.

Here the Webapi demo is the same, the user only authorized token to access the API, some people are more curious about this token, but OAuth2.0 did not introduce the token algorithm, just introduced how to use, Google, Twitter has made it clear that this bearer token is used, and of course it can write tokens of its own.

Bearer token uses the BASE64 encoding format, which has a Bearer prefix, in the following form:

Bearer Kki94xl28asvujf-j_sxntx6ybd-o0ifoizzbdn22zclqvwlewcvfrlqh2ptz_ Psbnkqbeekwetj01gajtbbc8f3fb4bqturvqig0cm48llq3oaxjpufd0tkjnwmf5mrcmfbu45mbond2-v_qjipgh0ylcxb6hl0qco4nf_ Gwy11wiuj-xsuf8lnllpg4mzelmtlx-yehnf_ htz-4fcslwicvmwhttvblp5fgnmrcd5xfx-nq-w0wqtes3ttn6tjum7ffrpfsftcyv768nm14eghm2xakyp8elvt0etv-iibunjjoev9twyzopsebl6i1rq0q Sm0_-kwcvlove9h3lxhrc6z2fimqojbfme80jbaald3tb3xdqumicvrsrfdtpsxkowirce-p5ah3txluq2a4f_e_ Clewdlbvcbrmvnc5ljzbp7ygdo8wx2rx3zquvzqpiyzk9i6l-wqrky1mmugt__9hjpw0rl8iwccyt3q3oystoz6cr_sbr7z6q6o

Then get the token, you can use the HTTP request Resource,header as follows:

Get/resource http/1.1Authorization:bearer ... Host: ...

OK, above is just a brief introduction to the next OAuth, does not involve the principle of OAuth framework, interested in looking at the official doc.

To get started, let's start with VS to build a project named Webapidemo.

Let's take a look at the controller:

AccountController: Login User Action

Valuescontroller:api operation

We debug a project and get to the API page to sign. The operations section of the user and API for the controller above is listed here.

We're going to try the API for the register user listed under the API tag. Here we use a fiddler HTTP Debug tool.

We fill in the box with some test data.

Take a look at the debug results and double-click on the left column. See HTTP form submission return results OK.

We went back to the solution and saw that project automatically created an express db with a Webapidemo prefix, and saw that we had entered our test data.

The connection to the database can also be modified in Web. config.

Take a look at project's Startup.cs defines the server address for token authentication.

Try to get a token. Note the head file.

Returns the result. Copy the token assigned by this server.

We use this token to verify the API.

Header file.

As a result, OK returns two strings. Token verification was successful.

We erased the token, tested it again, and found that the API reported a 401 error.

OK, the above is a simple introduction to the Microsoft Web API, in addition to resource authorization, resources server, Authorization server and client building, OAuth also provides the corresponding solution, To get a good understanding of OAuth it is necessary to look at its documentation, there is a. NET this piece, you can go to GitHub to see Dotnetopenauth.

Authentication in. NET Web Api