(untagged)

Creating REST API with OAuth in VS 2013

Jnana

0.00/5 (No votes)

28 Oct 2014

This article describes steps to create rest api with OAuth and how to use those api using OAuth

Introduction

Web API uses OAuth framework to secure rest method. Api methods are secured by OAuth access token. To access those api, we must show accesstoken to api methods.

Steps to create API with OAuth

Step-1

Step-2

Select "Individual User Accounts"

Now application is created with OAuth authenication and API controller class surrounded by [Authorize] attribute. API are listed in http://localhost:50117/Help

[Authorize]
public class ValuesController : ApiController
{
}

Following code blocks are used to get the access token.

Registration:

User can register using API http://localhost:50117/api/Account/Register as

var registrationData =  {
    "UserName": "testapi@test.com",
    "Password": "Test$123",
    "ConfirmPassword": "Test$123"
};

$.ajax({
	type: "POST",
	url: 'http://localhost:50117/api/Account/Register/',
	data: JSON.stringify(registrationData),
	contentType: "application/json; charset=utf-8",
	success: function (response) { alert(JSON.stringify(response)); }
}).fail(function (response) { alert(JSON.stringify(response)); });

Access Token:

After registration we need to get Access token. We can use /Token api to get access token. We have enpoint code for access token in Startup.cs.

OAuthOptions = new OAuthAuthorizationServerOptions
{
	TokenEndpointPath = new PathString("/Token"),
    Provider = new ApplicationOAuthProvider(PublicClientId),
    AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
    AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
    AllowInsecureHttp = true
};

We can post user credential and get access token as

var accsessToken = '';
$.ajax({
	type: "POST",
	url: 'http://localhost:50117/Token',
	data: 'grant_type=password&username=testapi@test.com&password=Test$123',
	contentType: "Content-Type: application/x-www-form-urlencoded",
	success: function (response) { accsessToken = response.access_token; }
}).fail(function (response) { alert(JSON.stringify(response)); });

Access token response looks like

API Access:

After getting access token we can use api methods. AccessToken can be used as bearer token in requet header. To access api methods, we need to show access token.

$.ajax({
    type: "GET",
    url: 'http://localhost:50117/api/values',
    beforeSend: function (xhr) {
      xhr.setRequestHeader("Authorization", 'Bearer ' + accesstoken);
    },
    success: function (response) { alert(JSON.stringify(response)); }
    }).fail(function (response) { alert(JSON.stringify(response)); });

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here