How do I Use JWT Authentication with Owin in ASP.NET 4.x Web API?

GabeCoach · March 16, 2018, 1:47am

I am building a new application that will be using Angular 5 on the front end, and ASP.NET 4.5, along with Web API and Owin on the back.

I want to use Okta to validate the id_token recieved when a user is authenticated to secure my api’s. To do this I will use the [Authorize] attribute to validate if a request contains a valid token.

I am new to Okta as an identity provider, and I am use to configuring these settings in a Owin startup file, along with the Web API configuration.

How do I configure my applications Owin startup.cs file to accept JWT/id_token I receive from incoming requests from my API?

Here is my Startup.cs file

 public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // Configure Web API
        WebApiConfig.Configure(app);
    }
}

Here is my WebApiConfig.cs file

 public static class WebApiConfig
{
    public static void Configure(IAppBuilder app)
    {
        HttpConfiguration config = new HttpConfiguration();
        // Web API routes
        config.MapHttpAttributeRoutes();
        config.EnableCors(new EnableCorsAttribute("*", "*", "*"));
        //config.MessageHandlers.Add(new PreflightRequestHandler());
        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional });

        app.UseWebApi(config);
    }
}

nate.barbettini · March 16, 2018, 5:29pm

For this scenario (a SPA calling a backend API), you should use an access token to authorize API calls. We have a tutorial just for this: Angular frontend + ASP.NET 4.x API backend!

Let me know if that tutorial has the info you need.

GabeCoach · March 19, 2018, 3:11pm

Thank you, It works perfectly!

pbramesh · September 14, 2018, 5:48pm

Hi,

I have built an application as per the tutorial. It is working perfectly in my development machine. But it is not working in my server when I deployed.

Do we have any option to debug this to find the root cause.

Is there any change in the given below statement.

 ValidAudience = "api://default",

system · January 12, 2024, 11:39pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
Existing SPA (Angular) and with ASP.NET 4.x Webapi as backend Questions	1	2546	February 12, 2024
Authenticating using API Token vs JWT Token OAuth/OIDC	1	4563	February 12, 2024
Does Okta SDK support It-token-only to secure .net framework web-api? Questions	3	3821	February 4, 2020
Verify access token in ASP.Net Core 2.0 backend forwarded from Angular 4 SPA - OpenIDC OAuth/OIDC dotnet	4	6170	February 13, 2018
Okta Bearer Token is not Populating HTTPContext.Identity Questions	1	3514	January 25, 2024

How do I Use JWT Authentication with Owin in ASP.NET 4.x Web API?

Related topics