ASP.NET Web Api: How to pass an access token (oAuth 2.0) using URL parameter? -


do have idea how can use, access_token generated default asp.net web api 2 oauth 2 authorization mechanism, in url parameters. able authorize sending request authorization header this:

accept: application/json content-type: application/json authorization: bearer padksjwmv927u... 

what want enable authorization through url parameter this:

https://www.domain.com/api/mycontroller?access_token=padksjwmv927u... 

well - agree header better alternative - there of course situations query string needed. oauth2 spec defines well.

anyways - feature built katana oauth2 middleware:

http://leastprivilege.com/2013/10/31/retrieving-bearer-tokens-from-alternative-locations-in-katanaowin/

public class querystringoauthbearerprovider : oauthbearerauthenticationprovider {     readonly string _name;      public querystringoauthbearerprovider(string name)     {         _name = name;     }      public override task requesttoken(oauthrequesttokencontext context)     {         var value = context.request.query.get(_name);          if (!string.isnullorempty(value))         {             context.token = value;         }          return task.fromresult<object>(null);     } } 

and then:

var options = new jwtbearerauthenticationoptions {     allowedaudiences = new[] { audience },     issuersecuritytokenproviders = new[]         {             new symmetrickeyissuersecuritytokenprovider(                 issuer,                 signingkey)         },     provider = new querystringoauthbearerprovider(“access_token”) }; 

Comments

Popular posts from this blog

php - regexp cyrillic filename not matches -

c# - OpenXML hanging while writing elements -

sql - Select Query has unexpected multiple records (MS Access) -