0

I'm trying to implement token authentication against my own database. My Configure method is

public void ConfigureAuth(IAppBuilder app)
{
        // Configure the db context and user manager to use a single instance per request
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);

        // Enable the application to use a cookie to store information for the signed in user
        // and to use a cookie to temporarily store information about a user logging in with a third party login provider
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        // Configure the application for OAuth based flow
        PublicClientId = "self";
        OAuthOptions = new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/Token"),
            Provider = new CustomOAuthProvider(),
            AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
            // In production mode set AllowInsecureHttp = false
            AllowInsecureHttp = true
        };

        // Enable the application to use bearer tokens to authenticate users
        app.UseOAuthBearerTokens(OAuthOptions);
}

As you can see, I use CustomOAuthProvider class, which overrides GrantResourceOwnerCredentials method as follows

public class CustomOAuthProvider : OAuthAuthorizationServerProvider
{
    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] {"*"});

        IUsersService userService = DependencyResolver.Current.GetService<IUsersService>();
        if (!userService.CheckCredentials(context.UserName, context.Password))
        {
            context.SetError("invalid_grant", "The user name or password is incorrect");
            return Task.FromResult<object>(null);
        }

        var identity = new ClaimsIdentity("JWT");

        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        identity.AddClaim(new Claim("sub", context.UserName));
        identity.AddClaim(new Claim(ClaimTypes.Role, "User"));

        var props = new AuthenticationProperties(new Dictionary<string, string>
        {
            {
                "audience", context.ClientId ?? string.Empty
            }
        });

        var ticket = new AuthenticationTicket(identity, props);
        context.Validated(ticket);
        return Task.FromResult<object>(null);
    }
}

But anytime I make a request for token via Fiddler, I get 400 = Bad request. enter image description here

What am I doing wrong ?:)

eXPerience
  • 346
  • 1
  • 3
  • 19

1 Answers1

0

Anyone having the same trouble, just follow this article, it shows how to override the GrantResourceOwnerCredentials method so that it all works:

http://www.hackered.co.uk/articles/asp-net-mvc-creating-an-oauth-password-grant-type-token-endpoint

public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    var user = userService.GetUser(context.UserName, context.Password);
    var oAuthIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
    oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, user.Name));
    var ticket = new AuthenticationTicket(oAuthIdentity, new AuthenticationProperties());
    context.Validated(ticket);
    return base.GrantResourceOwnerCredentials(context);
}
eXPerience
  • 346
  • 1
  • 3
  • 19