Get IPrincipal from OAuth Bearer Token in OWIN

by

I found a part of the solution in this blog post: http://leastprivilege.com/2013/10/31/retrieving-bearer-tokens-from-alternative-locations-in-katanaowin/

So I created my own Provider as follows:

public class QueryStringOAuthBearerProvider : OAuthBearerAuthenticationProvider
{
    public override Task RequestToken(OAuthRequestTokenContext context)
    {
        var value = context.Request.Query.Get("access_token");

        if (!string.IsNullOrEmpty(value))
        {
            context.Token = value;
        }

        return Task.FromResult<object>(null);
    }
}

Then I needed to add it to my App in Startup.Auth.cs like this:

OAuthBearerOptions = new OAuthBearerAuthenticationOptions()
{
   Provider = new QueryStringOAuthBearerProvider(),
   AccessTokenProvider = new AuthenticationTokenProvider()
   {
       OnCreate = create,
       OnReceive = receive
   },
};

app.UseOAuthBearerAuthentication(OAuthBearerOptions);

With a custom AuthenticationTokenProvider, I can retrieve all other values from the token early in the pipeline:

public static Action<AuthenticationTokenCreateContext> create = new Action<AuthenticationTokenCreateContext>(c =>
{
    c.SetToken(c.SerializeTicket());
});

public static Action<AuthenticationTokenReceiveContext> receive = new Action<AuthenticationTokenReceiveContext>(c =>
{
    c.DeserializeTicket(c.Token);
    c.OwinContext.Environment["Properties"] = c.Ticket.Properties;
});

And now, for example in my WebSocket Hander, I can retrieve ClientId and others like this:

IOwinContext owinContext = context.GetOwinContext();
if (owinContext.Environment.ContainsKey("Properties"))
{
    AuthenticationProperties properties = owinContext.Environment["Properties"] as AuthenticationProperties;
    string clientId = properties.Dictionary["clientId"];
...
 }

More Related Contents:

  1. Running self-hosted OWIN Web API under non-admin account
  2. How to secure an ASP.NET Web API [closed]
  3. Unauthorised webapi call returning login page rather than 401
  4. Multiple actions were found that match the request in Web Api
  5. Token based authentication in Web API without any user interface
  6. Logging request/response messages when using HttpClient
  7. Post parameter is always null
  8. How can I use a reserved keyword as an identifier in my JSON model class?
  9. Web API 2: how to return JSON with camelCased property names, on objects and their sub-objects
  10. OWIN Security – How to Implement OAuth2 Refresh Tokens
  11. How to throttle requests in a Web Api?
  12. How to extend IdentityUser with custom property
  13. OWIN’s GetExternalLoginInfoAsync Always Returns null
  14. Call and consume Web API in winform using C#.net
  15. Where is HttpContent.ReadAsAsync?
  16. HttpClient single instance with different authentication headers
  17. Application_Error in global.asax not catching errors in WebAPI
  18. ASP.NET Web API and [Serializable] class
  19. How to use DI container when OwinStartup
  20. Disable *all* exception handling in ASP.NET Web API 2 (to make room for my own)?
  21. FromBody not binding string parameter
  22. Unhandled Exception Global Handler for OWIN / Katana?
  23. How do I fix a .NET windows application crashing at startup with Exception code: 0xE0434352?
  24. xUnit.net: Global setup + teardown?
  25. Displaying a collection of controls in Windows Forms
  26. WebClient runs javascript
  27. Method to determine if path string is local or remote machine
  28. .NET Short Unique Identifier
  29. Expression for Type members results in different Expressions (MemberExpression, UnaryExpression)
  30. What does “Beta: Use Unicode UTF-8 for worldwide language support” actually do?

Leave a Comment