OWIN OAuth 2.0 Authorization Server

I have read the tutorial http://www.asp.net/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server and realized that this is what I really want
to secure my web APIs. so I downloaded the project code and added to my API’s MVC project. Actually my project is divided into 2 parts, the MVC_application (for displaying data from web API’s) and the MVC_API where my API’s are configured. so now I have three
projects (MVC_application, MVC_API and AuthorizationServer)

My question is: Howcan I link the AuthorizationServer to my project?

In other words: how do I tell the application to call AuthorizationServer before calling the MVC_API project to read the data?

Edit: I think this is what I am supposed to add to my startup.Auth.cs file in the MVC_application project

app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
AuthorizeEndpointPath = new PathString(Paths.AuthorizePath),
TokenEndpointPath = new PathString(Paths.TokenPath),
ApplicationCanDisplayErrors = true,
AllowInsecureHttp = true,
// Authorization server provider which controls the lifecycle of Authorization Server
Provider = new OAuthAuthorizationServerProvider
OnValidateClientRedirectUri = ValidateClientRedirectUri,
OnValidateClientAuthentication = ValidateClientAuthentication,
OnGrantResourceOwnerCredentials = GrantResourceOwnerCredentials,
OnGrantClientCredentials = GrantClientCredetails

// Authorization code provider which creates and receives authorization code
AuthorizationCodeProvider = new AuthenticationTokenProvider
OnCreate = CreateAuthenticationCode,
OnReceive = ReceiveAuthenticationCode,

// Refresh token provider which creates and receives referesh token
RefreshTokenProvider = new AuthenticationTokenProvider
OnCreate = CreateRefreshToken,
OnReceive = ReceiveRefreshToken,

but how will I edit this to fit my code?

Hi lolo512,

Thanks for your post. From your description, you are going to implement an OAuth 2.0 Authorization Server using OWIN OAuth middleware.

This article briefly describes the Katana Architecture. When the server accepts a request from a client, it is  responsible for passing it through a pipeline of OWIN components, which are specified  by the developer’s startup code. These pipeline components
are known as middleware.


Also some information as below.

An implementation of an OAuth2 authorization server 


Protecting an ASP.net Web API hosted on Azure with OAuth Simple Web Tokens using the Access Control Service – Server Side


Secure ASP.NET Web API with Windows Azure AD and Microsoft OWIN Components


Use OWIN to Self-Host ASP.NET Web API 2


Hope these useful to you.

Best Regards

Leave a Reply