I have a question about the bearer token. I have two scenarios in my application. 1st is an admin panel that works with ASP.NET MVC and angularjs and the 2nd is the WEB Api that exchanges requests with a WPF application. My question is about the token, if it's indifferent I use it for an ASP.NET MVC controller and a web controller api.
public class AuthorizationServerProvider : OAuthAuthorizationServerProvider
{
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
try
{
DbEngine db = new DbEngine();
var user = db.AutenticacaoAPI(context.UserName, context.Password);
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
if (user.Status)
{
identity.AddClaim(new Claim(ClaimTypes.Name, user.Value.ST_NOME));
identity.AddClaim(new Claim(ClaimTypes.Email, user.Value.ST_LOGIN));
}
context.Validated(identity);
}
catch
{
context.SetError("Usuário e senha inválidos", "Error");
}
}
}
and the Controller code to request the user information only to test the service
[Authorize]
[HttpGet]
public JsonResult UserInfo(string login)
{
using (DbEngine db = new DbEngine())
{
try
{
return new JsonResult
{
Data = db.GetUser(login),
JsonRequestBehavior = JsonRequestBehavior.AllowGet
};
}
catch (Exception ex)
{
return ex.ReturnException(HttpStatusCode.InternalServerError);
}
}
}
Here is the token return
Andhereisthecallthatreturnsthiserrorevenwiththetokenintheheader
Thanks for the help.