ASP.NET Web API 2 
Token Based 
Authentication 
Jeremy Brown 
jeremy@jeremysbrown.com 
@JeremySBrown 
https://github.com/JeremySBrown/AuthTokenPresentation
What this talk is about… 
• Basic Concepts of Token Based Authentication 
• Benefits of Token Authentication 
• Quick Overview of OAuth 2.0 (really quick) 
• How to use it in an ASP.NET Web API 2 Project
What is Token Authentication? 
It is the process by which a Resource Owner or
Client is granted a token by providing their
credentials to an Authorization Server.
The obtained access token can then be
presented to a Resource Server to access a
protected resource.
Benefits of Token Authentication 
• Allows access between applications without sharing credentials 
• Supports Cross-Domain / CORS 
• Stateless 
• Decoupling 
• Mobile Ready 
• CSRF/XSRF is not an issue
Access Tokens: The Heart of OAuth 
Quick Guide to OAuth 2.0 
• Roles 
• Client Types 
• Client Profiles 
• Authorization Grant Types
OAuth 2.0 Roles 
• Resource Owner: End User 
• Resource Server: Host that accepts access tokens 
• Client: An application that needs access to a protected Resource 
• Authorization Server: Issues token to authenticated owner 
Note: 
Typically, an ASP.NET Web API project functions as both the Authorization Server and
Resource Server
OAuth 2.0 Client Types & Profiles 
• Confidential Clients 
• Web Applications (Server Side Only) 
• Public Clients 
• User Agent Based Applications (JQuery, SPAs, Silverlight, Flash) 
• Native Applications (Mobile, Desktop Applications)
OAuth 2.0 Authorization Grant Types 
• Resource Owner Password 
• Client Credentials 
• Authorization Code 
• Implicit 
• Refresh Token
Development Options 
• OWIN – Open Web Interface for .NET 
• Middleware components for OAuth and CORS 
• http://owin.org
• DotNetOpenAuth 
• C# implementation of the OpenID, OAuth and InfoCard protocols 
• http://dotnetopenauth.net
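As an added example (not taken from the presentation or its GitHub repository), this is one way an ASP.NET Web API 2 project can act as both Authorization Server and Resource Server using the OWIN OAuth middleware with the Resource Owner Password grant. It assumes the Microsoft.Owin.Security.OAuth package; `VerifyCredentials` and `PasswordGrantProvider` are hypothetical names, and the 30-minute token lifetime is an illustrative choice.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;

public class Startup
{
    // Hypothetical hook (not an OWIN API): the host app assigns its own credential
    // check, e.g. against salted password hashes. The default denies every login.
    public static Func<string, string, bool> VerifyCredentials = (user, password) => false;
    public void Configuration(IAppBuilder app)
    {
        // Authorization Server role: issues access tokens at /token.
        app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/token"),
            AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30), // keep tokens short-lived
            AllowInsecureHttp = false, // credentials and tokens travel over TLS only
            Provider = new PasswordGrantProvider()
        });
        // Resource Server role: accepts "Authorization: Bearer <token>" on API requests.
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }
}

public class PasswordGrantProvider : OAuthAuthorizationServerProvider
{
    // Public clients cannot keep a secret, so no client secret is checked.
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated();
        return Task.FromResult(0);
    }
    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        if (!Startup.VerifyCredentials(context.UserName, context.Password))
        {
            // One error for unknown user and wrong password alike.
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return Task.FromResult(0);
        }
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        context.Validated(identity); // the middleware turns this identity into the token
        return Task.FromResult(0);
    }
}
```

Controllers marked with `[Authorize]` then require a valid bearer token. Because the token is sent in the `Authorization` header rather than a cookie, the browser does not attach it to cross-site requests automatically.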
Contact Information 
• jeremy@jeremysbrown.com 
• https://github.com/JeremySBrown/AuthTokenPresentation
• @JeremySBrown



Editor's Notes

  • #3: Not about Identity Management
  • #5: CORS: Cross-Origin Resource Sharing. Limited browser support: http://caniuse.com/cors
  • #6: OAuth 2.0 is a specification that defines how a client requests access tokens from authorization servers and presents tokens to resource servers to access protected resources.
  • #9: The first four are the primary grant types. OAuth has built-in extensibility to define other grant types.
  • #10: OWIN defines a standard interface between .NET web servers and web applications. The goal of the OWIN interface is to decouple server and application, encourage the development of simple modules for .NET web development, and, by being an open standard, stimulate the open source ecosystem of .NET web development tools.