Suggested Videos
Part 20 - ASP.NET Web API token authentication
Part 21 - ASP.NET Web API user registration
Part 22 - Using asp.net identity with Web API
In this video we will discuss how to test ASP.NET Web API token based authentication using Fiddler. This is a continuation of Part 22. Please watch Part 22 of the ASP.NET Web API tutorial before proceeding.
In our previous video we registered a new user with the following email address and password. The username is also the email address.
Email : test1@test.com
Password : Test123!
Now let's use Fiddler to generate the access token using the above username and password. Use the Composer tab in Fiddler to compose the request. The Fiddler configuration is shown below.
- Issue a POST request to /token
- In the request body include the username and the password.
- We also need to set grant_type=password. This indicates that we are presenting a password to acquire the access token.
With the above configuration in place, click the Execute button in Fiddler. Notice we get the access token back. You can also see when the token is issued and when it expires.
Now let's understand how the access token is generated.
The code that generates the access token is provided by ASP.NET Web API out of the box. To see this code open the file "Startup.Auth.cs" that is present in the App_Start folder. Notice in the ConfigureAuth() method:
- An instance of OAuthAuthorizationServerOptions is created
- The /Token endpoint to which we have posted the username and password is specified here
- The token expiry is specified using the AccessTokenExpireTimeSpan property. In this case the token expires 14 days after it is issued. You can change this to meet your application's needs.
- The Provider property is initialised with a new instance of the ApplicationOAuthProvider class. This class has a GrantResourceOwnerCredentials() method which verifies whether the provided username and password are valid. If they are valid, an access token is issued. The token is generated when the context.Validated(ticket) method is called.
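The following ConfigureAuth() is an added illustration of the four points above, modelled on what the ASP.NET Web API project template generates; it is not code copied from this page or from the series' sample project. ApplicationDbContext, ApplicationUserManager and ApplicationOAuthProvider are assumed to be the template-generated classes in the project.

```csharp
using System;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;

public partial class Startup
{
    public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }
    public static string PublicClientId { get; private set; }

    public void ConfigureAuth(IAppBuilder app)
    {
        // One DbContext and one UserManager per request, resolved from the OWIN
        // context by ApplicationOAuthProvider when it validates credentials.
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);

        PublicClientId = "self";
        OAuthOptions = new OAuthAuthorizationServerOptions
        {
            // The endpoint the Fiddler POST above is sent to.
            TokenEndpointPath = new PathString("/Token"),

            // GrantResourceOwnerCredentials() on this provider checks the username and
            // password and calls context.Validated(ticket) to have a token issued.
            Provider = new ApplicationOAuthProvider(PublicClientId),

            // Template default. Anyone holding the bearer token can use it until it
            // expires, so shorten this to what the application actually needs.
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),

            // Template default so the sample works on http://localhost; set to false
            // in production so credentials and tokens only travel over HTTPS.
            AllowInsecureHttp = true
        };

        // Registers the /Token endpoint and the bearer middleware that reads the
        // Authorization: Bearer header and rejects requests without a valid token.
        app.UseOAuthBearerTokens(OAuthOptions);
    }
}
```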
If we issue a GET request to http://localhost:61358/api/employees we get a 401 Unauthorized error. Since the EmployeesController is decorated with the [Authorize] attribute, the request needs to be authenticated. So with every request we have to send the Bearer token in the Authorization header, as shown in Fiddler below.
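The same two-step flow driven from a console client instead of Fiddler, as an added example that is not part of the original post. It assumes the API is running at http://localhost:61358 as on the page and that Newtonsoft.Json (a dependency of the Web API template) is available.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Newtonsoft.Json.Linq;

class TokenClientDemo
{
    const string BaseUrl = "http://localhost:61358";   // same host and port as the page

    static async Task Main()
    {
        using (var client = new HttpClient { BaseAddress = new Uri(BaseUrl) })
        {
            // Without a token the [Authorize]d controller answers 401 Unauthorized.
            var anonymous = await client.GetAsync("/api/employees");
            Console.WriteLine("No token: " + (int)anonymous.StatusCode);

            // Step 1: resource owner password grant. FormUrlEncodedContent percent-encodes
            // the values, so an '&' or '+' in a password cannot break the body; a body
            // typed by hand into Fiddler has to take care of that itself.
            var form = new FormUrlEncodedContent(new Dictionary<string, string>
            {
                { "grant_type", "password" },
                { "username", "test1@test.com" },
                { "password", "Test123!" }
            });
            var tokenResponse = await client.PostAsync("/token", form);
            if (tokenResponse.StatusCode == HttpStatusCode.BadRequest)
            {
                // Wrong credentials or a malformed body produce 400 with a JSON body
                // carrying an OAuth error code (e.g. invalid_grant); show it.
                Console.WriteLine(await tokenResponse.Content.ReadAsStringAsync());
                return;
            }
            tokenResponse.EnsureSuccessStatusCode();
            var json = JObject.Parse(await tokenResponse.Content.ReadAsStringAsync());
            string accessToken = (string)json["access_token"];
            Console.WriteLine("Token expires: " + json[".expires"]);

            // Step 2: send the token as a Bearer credential on every call. Treat it like
            // a password: keep it in memory, never log it, send it only over HTTPS.
            client.DefaultRequestHeaders.Authorization =
                new AuthenticationHeaderValue("Bearer", accessToken);
            var employees = await client.GetAsync("/api/employees");
            Console.WriteLine("With token: " + (int)employees.StatusCode);
        }
    }
}
```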
In our next video we will discuss implementing the Login page for the sample application that we have been working with in this series.
Where is the database created, or is it created by default or not?
Please watch a couple of the previous video sessions.
I got a 400 bad request error while generating the token. What about the database in OAuth2 token generation or verifying?
As far as I investigated, you might have provided a wrong userId or password.
e.g. - If your username is -- test@mail.com
and password -- Test@123
then in request body you must have to pass
username=test@mail.com&password=Test@123&grant_type=password
Hope this will help :)
The last step is in Fiddler: http://localhost:1656/api/employees. Specify the token, i.e. Authorization: Bearer. Which token is that, and from where will I get that token number to put in?
You will get the token when you request it at the first login, and then it is saved in session/cookies. If you navigate away to some other page and the token is still valid, you will be logged in without providing the login creds.
I replaced the [BasicAuthentication] attribute from previous tutorials with [Authorize] to avoid the base64 encoding. Now I am getting this error:
Under RFC2616, HTTP/400 responses will not be cached regardless of what caching headers may be present.
HTTP/1.0 Expires Header is present: -1
Legacy Pragma Header is present: no-cache
!! WARNING: IE will only respect a Pragma: no-cache Response Header on a HTTPS response. Using this value on a HTTP response has no effect.
HTTP/1.1 Cache-Control Header is present: no-cache
This response contains neither an ETAG nor a Last-Modified time. This will prevent a Conditional Revalidation of this response.
I had the same situation. Mine was because in one of the previous tutorials LoadAllEmployees (in EmployeeController) was tweaked. Instead of gender the username was being checked using switch / case. So whenever the username was not 'male' or 'female' it went to the default block to create a bad request.
When I am creating a Web API project, the Startup.Auth.cs file is not present in the App_Start folder. In which version is it available? Can you guide me?
It should be there. Which VS version are you using and which template?
You need to install OWIN from NuGet. If this doesn't help:
Click on the project, Add, New Item
Search for OWIN startup class
Typo in Kudvenkat Sir's text article:
authenticationthe using fiddler
Correct:
authentication using fiddler
My status in Fiddler is OK but I am not getting the access_token.
Getting error: illegal identifier username at position 0