Token Provider Asp.Net WebAPI

2

At the company I work for, we do authentication and authorization via Bearer Token in an ASP.NET Web API app. However, I keep some information about user permissions in Claims, and this makes the token huge.

I found a way to generate the token myself, building the hash myself by extending the AuthenticationTokenProvider class.

public class AccessTokenProvider: AuthenticationTokenProvider
{
    public override void Create(AuthenticationTokenCreateContext context)
    {
        var token = Guid.NewGuid();
        context.SetToken(token.ToString());
    }
}

But at request time this token generated by me does not work; my impression is that the user is not identified by this token ...

Are there any other methods that I need to override?

Anyway, my goal is just to make my token smaller, if there is any other way to do that, it helps.

Hugs!

After some research, I implemented it this way:

public class AccessTokenProvider: AuthenticationTokenProvider
{

    private readonly ConcurrentDictionary<string, AuthenticationTicket> _authenticationCodes =
                  new ConcurrentDictionary<string, AuthenticationTicket>(StringComparer.Ordinal);

    public override Task CreateAsync(AuthenticationTokenCreateContext context)
    {
        return Task.Run(() =>
        {
            var token = Guid.NewGuid().ToString();
            context.SetToken(token);

            _authenticationCodes.TryAdd(token, context.Ticket);
        });
    }

    public override Task ReceiveAsync(AuthenticationTokenReceiveContext context)
    {
        return Task.Run(() =>
        {
            AuthenticationTicket ticket;

            if (_authenticationCodes.TryGetValue(context.Token, out ticket))
            {
                if (ticket.Properties.ExpiresUtc != null && ticket.Properties.ExpiresUtc.Value < DateTime.UtcNow)
                {
                    // Expired: drop the entry and do not hand the ticket back.
                    _authenticationCodes.TryRemove(context.Token, out ticket);
                    return;
                }
                context.SetTicket(ticket);
            }
        });
    }
}

The ReceiveAsync method is never called.

    
asked by anonymous 21.02.2017 / 14:04

1 answer

1

Answering my own question:

BearerOptions = new OAuthBearerAuthenticationOptions
{
    Provider = new OAuthBearerAuthenticationProvider(),
    AccessTokenProvider = Options.AccessTokenProvider // -- This line solved it
};

What was missing was specifying, in the options of BearerAuthenticationOptions, that the token generator had been customized.

That's all

    
21.02.2017 / 19:26
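The approach from this thread as one self-contained sketch, added here as an example and not code from the original posts: a short opaque token whose claims stay server-side, with the same provider instance registered on both the authorization server options and the bearer options. The names OpaqueAccessTokenProvider and OpaqueTokenStartup are hypothetical, and two things are swapped in relative to the question's code: the token comes from the OS CSPRNG instead of Guid.NewGuid() (Microsoft's documentation advises against NewGuid for cryptographic purposes), and the store is keyed by a SHA-256 hash of the token.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Infrastructure;
using Microsoft.Owin.Security.OAuth;
using Owin;
// Added example; both class names are hypothetical.
public sealed class OpaqueAccessTokenProvider : AuthenticationTokenProvider
{
    // Keyed by SHA-256 of the token, so the store never holds a usable bearer value.
    private readonly ConcurrentDictionary<string, AuthenticationTicket> _tickets =
        new ConcurrentDictionary<string, AuthenticationTicket>(StringComparer.Ordinal);
    public override void Create(AuthenticationTokenCreateContext context)
    {
        var bytes = new byte[32]; // 256 bits from the OS CSPRNG (swapped in for Guid.NewGuid)
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        var token = Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        _tickets[Hash(token)] = context.Ticket; // claims stay server-side
        context.SetToken(token);                // the client only sees 43 characters
    }
    public override void Receive(AuthenticationTokenReceiveContext context)
    {
        AuthenticationTicket ticket;
        var key = Hash(context.Token ?? string.Empty);
        if (!_tickets.TryGetValue(key, out ticket)) return; // unknown token: no ticket is set
        var expires = ticket.Properties.ExpiresUtc;
        if (expires.HasValue && expires.Value < DateTimeOffset.UtcNow)
            _tickets.TryRemove(key, out ticket);            // expired: evict, set no ticket
        else
            context.SetTicket(ticket);
    }
    private static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(System.Text.Encoding.UTF8.GetBytes(token)));
    }
}

public static class OpaqueTokenStartup
{
    public static void Configure(IAppBuilder app, OAuthAuthorizationServerOptions server)
    {
        var provider = new OpaqueAccessTokenProvider();
        server.AccessTokenProvider = provider;   // issuing side calls Create
        app.UseOAuthAuthorizationServer(server);
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions { AccessTokenProvider = provider }); // validating side calls Receive
    }
}
```

Because the dictionary lives in process memory, every issued token stops resolving after an application restart and is unknown to other servers in a farm; a shared store is needed for either case.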