ASOS (AspNet.Security.OpenIdConnect.Server) is an advanced OAuth2 for ASP.NET Core 1.x and 2.x. In this article, we explain the integration process of ASOS, corresponding to client_credentials and password grant types, to enable:
- Token-based authentication
- User-based authentication
Token-based authentication
Token-based authentication is the process of creating a token and attaching it with a HTTP request, which will be made to access an API. If a valid token is attached, then the request will be allowed. If an invalid token is attached, then the request will be rejected.
This is the type of authentication that will work while calling with client_credentials grant type.
Prerequisites
- Client ID for API
- Client secret ID for API
Startup.cs configure services
services.AddAuthentication().AddOpenIdConnectServer(options =>
{
options.AllowInsecureHttp = true;
options.AccessTokenLifetime = TimeSpan.FromMinutes(60); //Provide token expiry here.
options.TokenEndpointPath = "/token"; //Provide token end point path here.
options.Provider.OnValidateTokenRequest = context =>
{
//["ClientCredentials:ClientId"] denotes your API client id in the format of string.
//["ClientCredentials:ClientSecret"] denotes your API client secret id in the format of string.
if (context.ClientId == ["ClientCredentials:ClientId"] && context.ClientSecret == ["ClientCredentials:ClientSecret"])
{
context.Validate();
}
else
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidClient,
description: "Invalid Client details");
}
return Task.CompletedTask;
};
});
services.AddAuthentication(OAuthValidationDefaults.AuthenticationScheme).AddOAuthValidation();
User-based authentication
This type of authentication will work while calling with a password of grant type.
Prerequisites
You should have user login credentials to allow users to access a particular API request.
Startup.cs configure services
options.Provider.OnHandleTokenRequest = context =>
{
if (!string.IsNullOrEmpty(context.Request.Username) && !string.IsNullOrEmpty(context.Request.Password) && context.Request.IsPasswordGrantType())
{
bool loginValidation = GetLoginvalidation(context.Request.Username, context.Request.Password);
if (!loginValidation)
{
context.Reject(
error: OpenIdConnectConstants.Errors.InvalidGrant,
description: loginValidation);
return Task.CompletedTask;
}
else
{
// If user information is correct, you can do customized changes like adding in claims in this block based on your requirement.
}
}
};
Additional points to be considered
- Add UseAuthentication() to make the previous authentication work. Add this above app.UseMvc() in the configure method in startup.cs.
- The controller of each request should have the authorized filter to authorize each request.
[Authorize]
public JsonResult Login()
{
return;
}
Conclusion
In this blog, we have seen the integration process of ASOS in ASP.NET Core API to enable token-based authentication and user-based authentication.
Syncfusion provides 70+ ASP.NET Core UI controls such as DataGrid, Charts, and Scheduler. You can use them to speed up your application development.
If you have any questions, please let us know in the comments section below. You can contact us through our support forum, Direct-Trac, or Feedback Portal. We are waiting to hear your feedback!
The post ASOS Integration in ASP.NET Core API appeared first on Syncfusion Blogs.
Top comments (0)