OWIN OAuth 2.0 Authorization Server

I have read the tutorial http://www.asp.net/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server and realized that this is what I really want to secure my web APIs. So I downloaded the project code and added it to my API's MVC project. Actually my project is divided into 2 parts: the MVC_application (for displaying data from web APIs) and the MVC_API where my APIs are configured. So now I have three projects (MVC_application, MVC_API and AuthorizationServer).

My question is: How can I link the AuthorizationServer to my project?

In other words: how do I tell the application to call AuthorizationServer before calling the MVC_API project to read the data?

Edit: I think this is what I am supposed to add to my startup.Auth.cs file in the MVC_application project

app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
{
    AuthorizeEndpointPath = new PathString(Paths.AuthorizePath),
    TokenEndpointPath = new PathString(Paths.TokenPath),
    ApplicationCanDisplayErrors = true,
#if DEBUG
    // Plain HTTP is accepted in debug builds only
    AllowInsecureHttp = true,
#endif
    // Authorization server provider which controls the lifecycle of Authorization Server
    Provider = new OAuthAuthorizationServerProvider
    {
        OnValidateClientRedirectUri = ValidateClientRedirectUri,
        OnValidateClientAuthentication = ValidateClientAuthentication,
        OnGrantResourceOwnerCredentials = GrantResourceOwnerCredentials,
        OnGrantClientCredentials = GrantClientCredetails
    },

    // Authorization code provider which creates and receives authorization code
    AuthorizationCodeProvider = new AuthenticationTokenProvider
    {
        OnCreate = CreateAuthenticationCode,
        OnReceive = ReceiveAuthenticationCode,
    },

    // Refresh token provider which creates and receives refresh token
    RefreshTokenProvider = new AuthenticationTokenProvider
    {
        OnCreate = CreateRefreshToken,
        OnReceive = ReceiveRefreshToken,
    }
});
} // closes the enclosing method, whose opening is not shown in the post

But how will I edit this to fit my code?

Hi lolo512,

Thanks for your post. From your description, you are going to implement an OAuth 2.0 Authorization Server using OWIN OAuth middleware.

This article briefly describes the Katana Architecture. When the server accepts a request from a client, it is responsible for passing it through a pipeline of OWIN components, which are specified by the developer's startup code. These pipeline components are known as middleware.

http://www.asp.net/aspnet/overview/owin-and-katana/an-overview-of-project-katana

Also, some information is below.

An implementation of an OAuth2 authorization server 

https://github.com/thinktecture/Thinktecture.AuthorizationServer

Protecting an ASP.net Web API hosted on Azure with OAuth Simple Web Tokens using the Access Control Service – Server Side

http://blogs.msdn.com/b/africaapps/archive/2013/04/04/part-1-protecting-an-asp-net-web-api-hosted-on-azure-with-oauth-simple-web-tokens-using-the-access-control-service-server-side.aspx

Secure ASP.NET Web API with Windows Azure AD and Microsoft OWIN Components

http://msdn.microsoft.com/en-us/magazine/dn463788.aspx

Use OWIN to Self-Host ASP.NET Web API 2

http://www.asp.net/web-api/overview/hosting-aspnet-web-api/use-owin-to-self-host-web-api

Hope these are useful to you.

Best Regards
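
One way the three projects can be linked, shown as an added example that is not part of either post above or of the tutorial's code: MVC_API validates bearer tokens in its OWIN startup, and MVC_application obtains a token from AuthorizationServer's token endpoint before it calls the API. The namespaces, the ApiClient class, the URLs and the client id/secret are assumptions; the client credentials grant is used because the posted options register OnGrantClientCredentials.

```csharp
// Added example; MvcApi, MvcApplication, ApiClient, the URLs and client id/secret are placeholders.
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Newtonsoft.Json.Linq;
using Owin;
[assembly: OwinStartup(typeof(MvcApi.Startup))]

namespace MvcApi // resource server (the MVC_API project)
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Validates "Authorization: Bearer <token>" on each request; controllers marked
            // [Authorize] then return 401 without a valid token. Hosted on IIS, MVC_API and
            // AuthorizationServer need the same <machineKey> in web.config to read the token.
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
        }
    }
}

namespace MvcApplication // client (the MVC_application project)
{
    public static class ApiClient
    {
        public static async Task<string> GetDataAsync()
        {
            using (var http = new HttpClient())
            {
                // 1. Request a token; the URL must end with the value of Paths.TokenPath.
                var tokenRequest = new HttpRequestMessage(HttpMethod.Post, "https://authserver.example/token-path")
                { Content = new FormUrlEncodedContent(new Dictionary<string, string> { { "grant_type", "client_credentials" } }) };
                tokenRequest.Headers.Authorization = new AuthenticationHeaderValue("Basic",
                    Convert.ToBase64String(Encoding.ASCII.GetBytes("client-id:client-secret")));
                var tokenResponse = await http.SendAsync(tokenRequest);
                tokenResponse.EnsureSuccessStatusCode();
                var token = (string)JObject.Parse(await tokenResponse.Content.ReadAsStringAsync())["access_token"];
                // 2. Call MVC_API with the token; GetStringAsync throws on 401 or other failures.
                http.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
                return await http.GetStringAsync("https://api.example/api/values");
            }
        }
    }
}
```

Keep the client secret in protected configuration rather than in source, and call both endpoints over HTTPS; the posted options only allow plain HTTP in DEBUG builds.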
