In the previous post Decouple OWIN Authorization Server from Resource Server we saw how we can separate the Authorization Server and the Resource Server by unifying the “decryptionKey” and “validationKey” key values in machineKey node in the web.config file for the Authorization and the Resource server. So once the user request an access token from the Authorization server, the Authorization server will use this unified […]
Two Factor Authentication in ASP.NET Web API & AngularJS using Google Authenticator
Last week I was looking on how to enable Two Factor Authentication in a RESTful ASP.NET Web API service using Soft Tokens not SMS. Most of the examples out there show how to implement this in MVC application where there will be some cookies transmitted between requests, this approach defeats the stateless nature of the RESTful […]
Decouple OWIN Authorization Server from Resource Server
Recently I’ve received lot of comments and emails asking how we can decouple the OWIN Authorization Server we’ve built in the previous posts from the resources we are protecting. If you are following the posts mentioned below you will notice that we’ve only one software component (API) which plays both roles: Authorization Server and Resource Server. […]
Secure ASP.NET Web API 2 using Azure Active Directory, Owin Middleware, and ADAL
Recently I’ve been asked by many blog readers on how to secure ASP.NET Web API 2 using Azure Active Directory, in other words we want to outsource the authentication part from the Web API to Microsoft Azure Active Directory (AD). We have already seen how the authentication can be done with local database accounts, and social identity providers, so in this […]
ASP.NET Web API Documentation using Swagger
Recently I was working on designing and implementing a large scale RESTful API using ASP.NET Web API, this RESTful API contains large number of endpoints with different data models used in the request/response payloads. Proper documentation and having a solid API explorer (Playground) is a crucial thing for your API success and likability by developers. There is […]
ASP.NET Web API 2 external logins with Facebook and Google in AngularJS app
Ok so it is time to enable ASP.NET Web API 2 external logins such as Facebook & Google then consume this in our AngularJS application. In this post we’ll add support to login using Facebook and Google+ external providers, then we’ll associate those authenticated social accounts with local accounts. Once we complete the implementation in this post we’ll have an […]
Enable OAuth Refresh Tokens in AngularJS App using ASP .NET Web API 2, and Owin
After my previous Token Based Authentication post I’ve received many requests to add OAuth Refresh Tokens to the OAuth Resource Owner Password Credentials flow which I’m currently using in the previous tutorial. To be honest adding support for refresh tokens adds a noticeable level of complexity to your Authorization Server. As well most of the available resources on […]
AngularJS Authentication with Auth0 & ASP .Net OWIN
This is guest post written originally to Auth0. Recently I’ve blogged about using tokens to authenticate users in single page applications, I’ve used ASP.NET Web API, Owin middleware and ASP.NET Identity to store local accounts in database, I didn’t tap into social identity logins such as (Google, Microsoft Accounts, Facebook, etc..) because each provider will not supply the same information […]
AngularJS Token Authentication using ASP.NET Web API 2, Owin, and Identity
This is the second part of AngularJS Token Authentication using ASP.NET Web API 2 and Owin middleware, you can find the first part using the link below: Token Based Authentication using ASP.NET Web API 2, Owin middleware, and ASP.NET Identity – Part 1. Enable OAuth Refresh Tokens in AngularJS App using ASP .NET Web API […]
Token Based Authentication using ASP.NET Web API 2, Owin, and Identity
Last week I was looking at the top viewed posts on my blog and I noticed that visitors are interested in the authentication part of ASP.NET Web API, CORS Support, and how to authenticate users in single page applications built with AngularJS using token based approach. So I decided to compile mini tutorial of three five posts which covers and connects those […]