Tag Archives: authentication

Include UserId in Login Response (Token) – Web API 2

Hi everyone,

A quick post on how to include the user’s id in your login response when using Web API 2.

The default response to the /Token request is as follows:

{
  "access_token": "xxxxxxxxxxxxx_xxxx",
  "token_type": "bearer",
  "expires_in": 1209599,
  "userName": "test@test.com",
  ".issued": "Mon, 23 Apr 2018 06:08:03 GMT",
  ".expires": "Mon, 07 May 2018 06:08:03 GMT"
}

Once the changes below have been made the response will include a userId field:

{
  "access_token": "xxxxxxxxxxxxx_xxxx",
  "token_type": "bearer",
  "expires_in": 1209599,
  "userName": "test@test.com",
  ".issued": "Mon, 23 Apr 2018 06:08:03 GMT",
  ".expires": "Mon, 07 May 2018 06:08:03 GMT",
  "userId": "xxxxxxx"
}

There are three very small changes required in order to add this functionality.

First, add an additional argument to CreateProperties in ApplicationOAuthProvider.cs

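public static AuthenticationProperties CreateProperties(string userName, string userId)
{
    // Every entry in this dictionary is returned to the client in the /Token response
    IDictionary<string, string> data = new Dictionary<string, string>
    {
        { "userName", userName },
        // Add
        { "userId", userId }
    };
    return new AuthenticationProperties(data);
}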

Pass userId to CreateProperties in ApplicationOAuthProvider.

// ApplicationOAuthProvider.cs > GrantResourceOwnerCredentials
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType);
ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager,

// Add user id
AuthenticationProperties properties = CreateProperties(user.UserName, user.Id);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);

Pass userId to CreateProperties in AccountController.

// AccountController.cs > GetExternalLogin
if (hasRegistered)

ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(UserManager, OAuthDefaults.AuthenticationType);
ClaimsIdentity cookieIdentity = await user.GenerateUserIdentityAsync(UserManager,

// Add userid
AuthenticationProperties properties = ApplicationOAuthProvider.CreateProperties(user.UserName, user.Id);
Authentication.SignIn(properties, oAuthIdentity, cookieIdentity);
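The userId field added above is client-visible response data, so server code should keep taking the caller's identity from the validated token rather than from an id the client sends back. The following is an added example, not code from the original post; ProfileController and its route are hypothetical, and it assumes attribute routing is enabled.

```csharp
using System;
using System.Net;
using System.Web.Http;
using Microsoft.AspNet.Identity;

// Hypothetical controller (not part of the Web API 2 template).
[Authorize]
[RoutePrefix("api/profile")]
public class ProfileController : ApiController
{
    // GET api/profile/{userId}
    // The client is expected to pass the userId it received from /Token.
    [HttpGet, Route("{userId}")]
    public IHttpActionResult Get(string userId)
    {
        // Identity taken from the bearer token's claims, which the
        // client cannot alter without invalidating the token.
        string tokenUserId = User.Identity.GetUserId();

        // Reject requests where the supplied id is not the caller's own.
        if (!string.Equals(userId, tokenUserId, StringComparison.Ordinal))
        {
            return StatusCode(HttpStatusCode.Forbidden);
        }

        return Ok(new
        {
            userId = tokenUserId,
            userName = User.Identity.GetUserName()
        });
    }
}
```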

Unsupported_Grant_Type – MVC Web Api (error)

Hi everyone,

I ran into the following error while attempting to authenticate using .NET Web Api:

POST http://localhost:63720/Token HTTP/1.1
Host: localhost:63720
Content-Type: application/json
Content-Length: 0

HTTP/1.1 400 Bad Request
Content-Type: application/json;charset=UTF-8
Date: Mon, 16 Apr 2018 14:18:06 GMT
Content-Length: 34


This one was pretty straightforward. Ensure that you have the correct content-type:

Content-Type: application/x-www-form-urlencoded

And finally, ensure that you provide a grant type in the request body:


Thanks to the following Stack Overflow post for the info: https://stackoverflow.com/a/29261024/522859
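A client-side sketch of a correctly formed token request, added here as an example and not taken from the original post. It assumes the password grant (the template's GrantResourceOwnerCredentials path) with the standard OAuth 2.0 username and password form fields; TokenClient is a hypothetical helper, the credentials are constructed, and Json.NET is assumed to be referenced.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;
using Newtonsoft.Json.Linq;

// TokenClient is a hypothetical helper, not part of the Web API template.
public static class TokenClient
{
    // Builds POST /Token for the resource owner password grant.
    public static HttpRequestMessage BuildTokenRequest(Uri baseAddress, string userName, string password)
    {
        // FormUrlEncodedContent sets Content-Type: application/x-www-form-urlencoded
        // and encodes the pairs into the request body.
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            { "grant_type", "password" },
            { "username", userName },
            { "password", password }
        });
        return new HttpRequestMessage(HttpMethod.Post, new Uri(baseAddress, "/Token")) { Content = form };
    }

    // Sends the request and returns the parsed JSON (access_token, userName, userId, ...).
    public static async Task<JObject> RequestTokenAsync(HttpClient client, Uri baseAddress, string userName, string password)
    {
        using (HttpRequestMessage request = BuildTokenRequest(baseAddress, userName, password))
        using (HttpResponseMessage response = await client.SendAsync(request))
        {
            string body = await response.Content.ReadAsStringAsync();
            if (!response.IsSuccessStatusCode)
                throw new HttpRequestException("Token request failed (" + (int)response.StatusCode + "): " + body);
            return JObject.Parse(body);
        }
    }

    public static async Task Main()
    {
        // Constructed credentials; previews the request without sending it.
        var request = BuildTokenRequest(new Uri("http://localhost:63720"), "test@test.com", "constructed-password");
        Console.WriteLine(request.Content.Headers.ContentType);
        Console.WriteLine(await request.Content.ReadAsStringAsync());
    }
}
```

Because the password travels in the request body, the token endpoint should be served over HTTPS outside of local development.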

Change Default MVC5 Password Complexity Requirements – Passwords must have at least one non letter or digit character. Passwords must have at least one digit (‘0’-‘9’). Passwords must have at least one uppercase (‘A’-‘Z’)

Hey everyone,

I’ve started on a new MVC5 project and came across the following error message while trying to register a new user:

Passwords must have at least one non letter or digit character.
Passwords must have at least one digit (‘0’-‘9’).
Passwords must have at least one uppercase (‘A’-‘Z’)

While having a secure password is obviously important, I felt that most users would probably find these requirements a little extreme. After a bit of Googling I came across a StackOverflow post that mentioned a config class that you can use to edit these settings:

// App_Start > IdentityConfig.cs
...
// Configure validation logic for usernames
manager.UserValidator = new UserValidator<ApplicationUser>(manager)
{
    AllowOnlyAlphanumericUserNames = false,
    RequireUniqueEmail = true
};
// Configure validation logic for passwords
manager.PasswordValidator = new PasswordValidator
{
    RequiredLength = 6,
    RequireNonLetterOrDigit = true,
    RequireDigit = true,
    RequireLowercase = true,
    RequireUppercase = true,
};
...
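If the composition rules are switched off, a longer minimum length and a check against known-common passwords can compensate. The following is an added example that goes beyond the settings shown on the page and is not from the original post; the class name, the length of 12 and the three-entry blocklist are assumptions chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

// Hypothetical validator; not part of the MVC5 template.
public class LengthAndBlocklistPasswordValidator : PasswordValidator
{
    // Constructed sample entries; a real deployment would load a much
    // larger list of common or breached passwords.
    private static readonly HashSet<string> Blocklist =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "password1234", "qwertyuiop12", "letmein12345"
        };

    public LengthAndBlocklistPasswordValidator()
    {
        // Drop the composition rules that produced the error messages,
        // and require a longer password instead.
        RequiredLength = 12;
        RequireNonLetterOrDigit = false;
        RequireDigit = false;
        RequireLowercase = false;
        RequireUppercase = false;
    }

    public override async Task<IdentityResult> ValidateAsync(string item)
    {
        // Run the built-in checks first (here only the length rule applies).
        IdentityResult baseResult = await base.ValidateAsync(item);
        if (!baseResult.Succeeded)
        {
            return baseResult;
        }

        // Then reject passwords that appear on the blocklist.
        if (Blocklist.Contains(item))
        {
            return IdentityResult.Failed("This password is too common. Please choose another.");
        }

        return IdentityResult.Success;
    }
}

// In App_Start > IdentityConfig.cs:
// manager.PasswordValidator = new LengthAndBlocklistPasswordValidator();
```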

Twitter Authentication 401 Unauthorized – MVC4/5

Hey everyone,

Just testing out Twitter authentication and ran into the following error:

Response Status code does not indicate success: 401 (Unauthorized).

To fix this, all you’ve got to do is go to your Twitter App settings and:
– Add a callback url (doesn’t have to be real)
– Check the ExternalLoginConfirmationViewModel checkbox

Unable to Find GoogleOAuth2AuthenticationOptions – MVC4/5

Hey everyone,

I was following the guide provided via the startup.auth.cs link on how to add Google authentication to your app. The problem I hit was that the example types used weren’t available, specifically GoogleOAuth2AuthenticationOptions.

Thankfully the fix for this was pretty easy. Simply update OWIN via NuGet:

– Right click on your project
– Go to Manage NuGet Packages
– Click on the updates drop down
– Search for OWIN
– Update all of the relevant options

Thanks to this Stack Overflow post for the solution: http://stackoverflow.com/a/23606431/522859