Creating REST API with OAuth in VS 2013

Jnana

Rate me:

3.81/5 (11 votes)

28 Oct 2014CPOL

22.6K

This article describes steps to create rest api with OAuth and how to use those api using OAuth

Introduction

Web API uses OAuth framework to secure rest method. Api methods are secured by OAuth access token. To access those api, we must show accesstoken to api methods.

Steps to create API with OAuth

Step-1

Step-2

Select "Individual User Accounts"

Now application is created with OAuth authenication and API controller class surrounded by [Authorize] attribute. API are listed in http://localhost:50117/Help

C++

[Authorize]
public class ValuesController : ApiController
{
}

Following code blocks are used to get the access token.

Registration:

User can register using API http://localhost:50117/api/Account/Register as

C++

var registrationData =  {
    "UserName": "testapi@test.com",
    "Password": "Test$123",
    "ConfirmPassword": "Test$123"
};

$.ajax({
	type: "POST",
	url: 'http://localhost:50117/api/Account/Register/',
	data: JSON.stringify(registrationData),
	contentType: "application/json; charset=utf-8",
	success: function (response) { alert(JSON.stringify(response)); }
}).fail(function (response) { alert(JSON.stringify(response)); });

Access Token:

After registration we need to get Access token. We can use /Token api to get access token. We have enpoint code for access token in Startup.cs.

C++

OAuthOptions = new OAuthAuthorizationServerOptions
{
	TokenEndpointPath = new PathString("/Token"),
    Provider = new ApplicationOAuthProvider(PublicClientId),
    AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
    AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
    AllowInsecureHttp = true
};

We can post user credential and get access token as

C++

var accsessToken = '';
$.ajax({
	type: "POST",
	url: 'http://localhost:50117/Token',
	data: 'grant_type=password&username=testapi@test.com&password=Test$123',
	contentType: "Content-Type: application/x-www-form-urlencoded",
	success: function (response) { accsessToken = response.access_token; }
}).fail(function (response) { alert(JSON.stringify(response)); });

Access token response looks like

API Access:

After getting access token we can use api methods. AccessToken can be used as bearer token in requet header. To access api methods, we need to show access token.

C++

$.ajax({
    type: "GET",
    url: 'http://localhost:50117/api/values',
    beforeSend: function (xhr) {
      xhr.setRequestHeader("Authorization", 'Bearer ' + accesstoken);
    },
    success: function (response) { alert(JSON.stringify(response)); }
    }).fail(function (response) { alert(JSON.stringify(response)); });

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Written By

Jnana

Software Developer

India

This member has not yet provided a Biography. Assume it's interesting and varied, and probably something to do with programming.

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.