asp.net web api - Get bearer token from OWIN Cookie and put it on API Requests
Here is the scenario: I have an MVC 4.5 / Web API 2 application that uses OpenIdConnectAuthentication based on a Thinktecture IdentityServer provider. So far I can authenticate against MVC. I want to authenticate the Web API using a bearer token. Here is the configuration:
```csharp
app.UseWebApi(ConfigureApi());

app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
    AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
    CookieSecure = CookieSecureOption.Always,
    AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active,
    CookieHttpOnly = true
});

app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions()
{
    EnableValidationResultCache = false,
    Authority = WebConfigurationManager.AppSettings["Authority"],
    AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Passive
});

app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions()
{
    Authority = WebConfigurationManager.AppSettings["Authority"],
    ClientId = WebConfigurationManager.AppSettings["ClientId"],
    ClientSecret = WebConfigurationManager.AppSettings["ClientSecret"],
    ResponseType = "code id_token",
    Scope = "openid email profile",
    SignInAsAuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
    Notifications = new OpenIdConnectAuthenticationNotifications
    {
        AuthenticationFailed = OnAuthenticationFailed,
        AuthorizationCodeReceived = OnAuthorizationCodeReceived,
        RedirectToIdentityProvider = OnRedirectToIdentityProvider
    }
});
```
And the Web API configuration:
```csharp
public HttpConfiguration ConfigureApi()
{
    var httpConfig = new HttpConfiguration();

    // Configure Web API to use bearer token authentication.
    httpConfig.SuppressDefaultHostAuthentication();
    httpConfig.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
    httpConfig.Formatters.JsonFormatter.SerializerSettings.ContractResolver =
        new CamelCasePropertyNamesContractResolver();

    // Web API routes
    httpConfig.MapHttpAttributeRoutes();
    httpConfig.Routes.MapHttpRoute(
        name: "DefaultApi",
        routeTemplate: "api/{controller}/{id}",
        defaults: new { id = RouteParameter.Optional }
    );

    return httpConfig;
}
```
Since I have the access token in the OWIN cookie, I want to add the Authorization header before the request reaches the API, so that authentication succeeds.

Here is what I tried:
```csharp
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        // Look through all Cookie headers for the authentication cookie
        // (First() on an empty collection would throw when no cookie is sent).
        var cookie = actionContext.Request.Headers.GetCookies(".AspNet.Cookies")
            .SelectMany(h => h.Cookies)
            .FirstOrDefault(c => c.Name == ".AspNet.Cookies");

        if (cookie != null)
        {
            // Unprotect the cookie value to get the ticket and its claims.
            var unprotectedTicket = Startup.OAuthOptions.TicketDataFormat.Unprotect(cookie.Value);
            actionContext.Request.Headers.Add("Authorization",
                string.Format("Bearer {0}",
                    unprotectedTicket.Identity.Claims.First(c => c.Type == "access_token").Value));
        }

        return base.IsAuthorized(actionContext);
    }
}
```
I also tried an OWIN middleware placed after `app.UseWebApi(ConfigureApi());`:
```csharp
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Owin;

public class UseCookieToBearerAuthentication : OwinMiddleware
{
    public UseCookieToBearerAuthentication(OwinMiddleware next) : base(next) { }

    public async override Task Invoke(IOwinContext context)
    {
        // TODO: retrieve the cookie name from somewhere, e.g. FormsAuthentication.FormsCookieName
        var cookies = context.Request.Cookies;
        var cookie = cookies.FirstOrDefault(c => c.Key == ".AspNet.Cookies");

        if (!cookie.Equals(default(KeyValuePair<string, string>)))
        {
            var ticket = cookie.Value;
            var unprotectedTicket = Startup.OAuthOptions.TicketDataFormat.Unprotect(ticket);
            context.Request.Headers.Add("Authorization", new string[]
            {
                string.Format("Bearer {0}",
                    unprotectedTicket.Identity.Claims.First(c => c.Type == "access_token").Value)
            });
        }

        await Next.Invoke(context);
    }
}
```
So, how can I achieve token authentication for the Web API based on the access token in the OWIN cookie?

Thanks in advance.
The problem: IdentityServerBearerTokenAuthenticationOptions by default uses ValidationMode = ValidationMode.ValidationEndpoint, which by default uses Microsoft.Owin.Security.AuthenticationMode.Active, and that cannot be overridden.

So I set on IdentityServerBearerTokenAuthenticationOptions: ValidationMode = ValidationMode.Local and AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Passive. This is fine because the access token is a JWT (self-contained).

Then I use an OWIN middleware that reads the access token from the cookie on the request and sets it on the Authorization header.
```csharp
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;

public class UseCookieToBearerAuthentication : OwinMiddleware
{
    public UseCookieToBearerAuthentication(OwinMiddleware next) : base(next) { }

    public async override Task Invoke(IOwinContext context)
    {
        // Build the cookie name from the defaults (".AspNet." + "Cookies") instead of hard-coding it.
        var cookieName = string.Format("{0}{1}",
            CookieAuthenticationDefaults.CookiePrefix,
            CookieAuthenticationDefaults.AuthenticationType);

        var cookies = context.Request.Cookies;
        var cookie = cookies.FirstOrDefault(c => c.Key == cookieName);

        if (!cookie.Equals(default(KeyValuePair<string, string>)))
        {
            var ticket = cookie.Value;
            var unprotectedTicket = Startup.OAuthOptions.TicketDataFormat.Unprotect(ticket);
            context.Request.Headers.Add("Authorization", new string[]
            {
                string.Format("Bearer {0}",
                    unprotectedTicket.Identity.Claims.First(c => c.Type == "access_token").Value)
            });
        }

        await Next.Invoke(context);
    }
}
```
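The accepted approach copies whatever is in the cookie into the Authorization header on every request. As an added example (not from the question or the answer above), here is a narrower version of that middleware: it only acts on API requests, never overwrites an Authorization header a client already sent, and drops tickets that fail to unprotect, have expired, or carry no access_token claim. It assumes `Startup.OAuthOptions` exposes the cookie `TicketDataFormat` as in the answer, and that API routes live under `/api` (an assumption; adjust the prefix to your routing).

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;

// Added example, not the original post's code. Register with: app.Use<CookieToBearerMiddleware>();
// Assumptions: Startup.OAuthOptions.TicketDataFormat protects the auth cookie; API lives under /api.
public class CookieToBearerMiddleware : OwinMiddleware
{
    private static readonly PathString ApiPrefix = new PathString("/api");

    public CookieToBearerMiddleware(OwinMiddleware next) : base(next) { }

    public override async Task Invoke(IOwinContext context)
    {
        // Only touch API requests that carry no Authorization header of their own,
        // so a bearer token sent explicitly by a client is never replaced by the cookie's token.
        if (context.Request.Path.StartsWithSegments(ApiPrefix)
            && !context.Request.Headers.ContainsKey("Authorization"))
        {
            var cookieName = CookieAuthenticationDefaults.CookiePrefix
                             + CookieAuthenticationDefaults.AuthenticationType; // ".AspNet.Cookies"
            var cookieValue = context.Request.Cookies[cookieName];

            if (!string.IsNullOrEmpty(cookieValue))
            {
                AuthenticationTicket ticket = null;
                try
                {
                    // A tampered or re-keyed cookie fails to unprotect (null or exception): treat as no token.
                    ticket = Startup.OAuthOptions.TicketDataFormat.Unprotect(cookieValue);
                }
                catch (Exception) { }

                if (ticket != null && ticket.Identity != null)
                {
                    var expires = ticket.Properties != null ? ticket.Properties.ExpiresUtc : null;
                    var notExpired = !expires.HasValue || expires.Value > DateTimeOffset.UtcNow;
                    var claim = ticket.Identity.FindFirst("access_token");

                    if (notExpired && claim != null && !string.IsNullOrEmpty(claim.Value))
                    {
                        context.Request.Headers.Set("Authorization", "Bearer " + claim.Value);
                    }
                }
            }
        }

        await Next.Invoke(context);
    }
}
```

Because the bearer token is now derived from a browser cookie, the API endpoints behave like cookie-authenticated endpoints and need the same anti-CSRF protection as the MVC pages; the Passive bearer middleware will still reject the request if the JWT itself has expired, so the expiry check here only avoids forwarding a ticket that is already known to be stale.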