Web API and Owin OAuth - redirect to another domain (redirect_uri)

Question

Web API and Owin OAuth - redirect to another domain (redirect_uri)

Navigation

#1 by (1 votes)

9

Good afternoon, I'm having a problem implementing external login in a project I'm working on.

ASP.NET Web API + Owin + OAuth.

Environment: I work with two Server1 and Server2 servers.

Server1: Server published on the WEB. It hosts files (HTML, CSS, JS). In addition, it functions as a proxy. All incoming calls (which are not called files) are redirected to Server2.

Server2: Unpublished server. Receives calls only on Server1. This server hosts a WEB API and is the one where the user must be authenticated.

Problem: When logging in to Server2, Owin returns the following parameter as redirect_uri:

&redirect_uri=http://server2/signin-google

Since the parameter I need to return would be:

&redirect_uri=http://server1/signin-google

The only setting I found was CallbackPath:

googleAuthOptions = new GoogleOAuth2AuthenticationOptions() {
    ClientId = "xxxxxxx",
    ClientSecret = "xxxxxxx",
    CallbackPath = new PathString("/path"),    
    Provider = new GoogleAuthProvider()
};

But this setting does not work since new PathString("http://server1/signin-google") is not a valid value.

Does anyone know how I solve this problem?

c# asp.net-web-api asp.net-mvc owin oauth

asked by anonymous 09.05.2016 / 22:01

1 answer

What is the difference between [] and [[]] in R? Know if a video paused to upload?

score 1 · Answer 1

I had a difficulty with Web API and Owin OAuth, I followed the structure below and how I solved it, maybe I can help you.

1) I have a web site in asp.net mvc that logs in via identity and Owin OAuth usually: facebook and google;

2) I have an asp.net web api to serve 3 apps (android, ios and windows phone);

3) Apps need authentication via identity or social (facebook or google) to access the web api;

Initially I tried to make the api web able to provide the social authentication options to the apps and had some difficulties, I gave up because it had an urgent implementation. I decided to request, confirm and receive the token via OAuth web, in case of a social login. With the token I make the registration in the identity and I happen to have them authenticated in identity normally.