1

Is there an out-of-the-box extension for WS-Federation authentication in the OWIN middleware libraries to handle Web APIs using an authentication header instead of cookies?

// OAuth bearer calling style
var headers = {};
headers.Authorization = 'Bearer ' + token;

$.ajax({
    type: 'GET',
    url: 'api/values/1',
    headers: headers
});

I know how to write a custom handler to extract the token and validate it, but can I avoid this?

Homam

2 Answers

0

You can use the Visual Studio Template that comes with OAuth 2.0 server implemented as an OWIN middleware:

New Project -> Web -> ASP.NET Application -> OK -> Web API Template, with Individual User Accounts authentication

Revise the Startup.Auth.cs file in the App_Startup folder for auth configuration.

jumuro
0

I used Auth0 as the authentication provider for one of my projects.

I did the following for my Web API project. For handling the Authorization header and token, I used the following NuGet packages:

Install-Package WebApi.JsonWebToken
Install-Package Auth0-ASPNET

It adds JsonWebToken.cs and JsonWebTokenValidationHandler.cs in the App_Start folder.

Open WebApiConfig.cs and add the using statements

using projectName.App_Start;
using System.Web.Configuration;

and add the following code snippet under the Register method.

var clientID = WebConfigurationManager.AppSettings["ClientId"];
var clientSecret = WebConfigurationManager.AppSettings["ClientSecret"];

config.MessageHandlers.Add(new JsonWebTokenValidationHandler()
{
    Audience = clientID,
    SymmetricKey = clientSecret
});

Remove anything related to Auth0 and there you have a nice handler for extracting the JWT token and also code for validating it.

Reference: https://manage.auth0.com/

Bhavjot
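The checks that a handler like the one described above has to perform on the `Authorization: Bearer` header, as an added example that is not part of the original answers and is not Auth0's or the OWIN project's code. It assumes HS256-signed tokens and Json.NET, and `BearerJwtCheck`, `Validate` and `FromBase64Url` are hypothetical names.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using Newtonsoft.Json.Linq;

// Hypothetical helper (assumes HS256 tokens and Json.NET); not the Auth0 or OWIN code.
public static class BearerJwtCheck
{
    // Returns the verified payload. Any exception means the request must get a 401.
    public static JObject Validate(string authorizationHeader, string audience, byte[] key)
    {
        const string scheme = "Bearer ";
        if (authorizationHeader == null ||
            !authorizationHeader.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            throw new UnauthorizedAccessException("Missing bearer token");
        string[] parts = authorizationHeader.Substring(scheme.Length).Trim().Split('.');
        if (parts.Length != 3)
            throw new UnauthorizedAccessException("Malformed token");
        // Pin the algorithm: the token header must never choose it ("none", key confusion).
        JObject header = JObject.Parse(Encoding.UTF8.GetString(FromBase64Url(parts[0])));
        if ((string)header["alg"] != "HS256")
            throw new UnauthorizedAccessException("Unexpected alg");
        // Recompute HMAC-SHA256 over "header.payload" and compare without early exit.
        byte[] expected;
        using (var hmac = new HMACSHA256(key))
            expected = hmac.ComputeHash(Encoding.ASCII.GetBytes(parts[0] + "." + parts[1]));
        byte[] actual = FromBase64Url(parts[2]);
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length && i < actual.Length; i++)
            diff |= expected[i] ^ actual[i];
        if (diff != 0)
            throw new UnauthorizedAccessException("Bad signature");
        // Claims are trusted only after the signature check: audience and expiry.
        JObject payload = JObject.Parse(Encoding.UTF8.GetString(FromBase64Url(parts[1])));
        JToken aud = payload["aud"];
        bool audOk = audience != null && ((aud is JArray)
            ? aud.Values<string>().Contains(audience) : (string)aud == audience);
        double now = (DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds;
        long? exp = (long?)payload["exp"];
        if (!audOk || exp == null || now >= exp)
            throw new UnauthorizedAccessException("Wrong audience or expired token");
        return payload;
    }
    private static byte[] FromBase64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }
}
```

Malformed Base64 or JSON raises `FormatException` or a Json.NET exception instead of `UnauthorizedAccessException`, so the calling message handler should treat every exception from `Validate` as a rejected token.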