Tag Archives: authentication

Include UserId in Login Response (Token) – Web API 2

Hi everyone,

A quick post on how to include the user’s id in your login response when using Web API 2.

The default response to the /Token request is as follows:

{
“access_token”: “xxxxxxxxxxxxx_xxxx”,
“token_type”: “bearer”,
“expires_in”: 1209599,
“userName”: “test@test.com”,
“.issued”: “Mon, 23 Apr 2018 06:08:03 GMT”,
“.expires”: “Mon, 07 May 2018 06:08:03 GMT”
}

Once the changes below have been made the response will include a userId field:

{
“access_token”: “xxxxxxxxxxxxx_xxxx”,
“token_type”: “bearer”,
“expires_in”: 1209599,
“userName”: “test@test.com”,
“.issued”: “Mon, 23 Apr 2018 06:08:03 GMT”,
“.expires”: “Mon, 07 May 2018 06:08:03 GMT”,
“userId”: “xxxxxxx”
}

There are three very small changes required in order to add this functionality.

First, add an additional argument to CreateProperties in ApplicationOAuthProvider.cs

public static AuthenticationProperties CreateProperties(string userName, string userId)
{
IDictionary data = new Dictionary
{
{ "userName", userName },
// Add
{ "userId", userId }
};
return new AuthenticationProperties(data);
}

Pass userId to CreateProperties in ApplicationOauthProvider.

// ApplicationOAuthProvider.cs > GrantResourceOwnerCredentials
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType);
ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager,
CookieAuthenticationDefaults.AuthenticationType);

// Add user id
AuthenticationProperties properties = CreateProperties(user.UserName, user.Id);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);

Pass userId to CreateProperties in AccountController.

// AccountController.cs > GetExternalLogin
if (hasRegistered)
{
Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie);

ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(UserManager, OAuthDefaults.AuthenticationType);
ClaimsIdentity cookieIdentity = await user.GenerateUserIdentityAsync(UserManager,
CookieAuthenticationDefaults.AuthenticationType);

// Add userid
AuthenticationProperties properties = ApplicationOAuthProvider.CreateProperties(user.UserName, user.Id);
Authentication.SignIn(properties, oAuthIdentity, cookieIdentity);

Unsupported_Grant_Type – MVC Web Api (error)

Hi everyone,

I ran into the following error while attempting to authenticate using .NET Web Api:

POST http://localhost:63720/Token HTTP/1.1
Host: localhost:63720
Content-Type: application/json
Content-Length: 0
HTTP/1.1 400 Bad Request
Content-Type: application/json;charset=UTF-8
Date: Mon, 16 Apr 2018 14:18:06 GMT
Content-Length: 34

{“error”:”unsupported_grant_type”}

This one was pretty straight forward. Ensure that have the correct content-type:

Content-Type: application/x-www-form-urlencoded

And finally, ensure that you provide a grant type in the request body:

grant_type=password&username=test_username&password=test_password

Thanks to the following stackoverflow post for the info: https://stackoverflow.com/a/29261024/522859

Change Default MVC5 Password Complexity Requirements – Passwords must have at least one non letter or digit character. Passwords must have at least one digit (‘0’-‘9’). Passwords must have at least one uppercase (‘A’-‘Z’)

Hey everyone,

I’ve started on a new MVC5 project and came across the following error message while trying to register a new user:

Passwords must have at least one non letter or digit character.
Passwords must have at least one digit (‘0’-‘9’).
Passwords must have at least one uppercase (‘A’-‘Z’)

While having a secure password is obviously important, I felt that most users would probably find these requirements a little extreme. After a bit of Googling I came across a StackOverflow post that mentioned a config class that you can use to edit these settings:

  1. // App_Start > IdentityConfig.cs
  2.  
  3. ...
  4.  
  5. // Configure validation logic for usernames
  6.             manager.UserValidator = new UserValidator<ApplicationUser>(manager)
  7.             {
  8.                 AllowOnlyAlphanumericUserNames = false,
  9.                 RequireUniqueEmail = true
  10.             };
  11.             // Configure validation logic for passwords
  12.             manager.PasswordValidator = new PasswordValidator
  13.             {
  14.                 RequiredLength = 6,
  15.                 RequireNonLetterOrDigit = true,
  16.                 RequireDigit = true,
  17.                 RequireLowercase = true,
  18.                 RequireUppercase = true,
  19.             };
  20.  
  21. ...

Twitter Authentication 401 Unauthorized – MVC4/5

Hey everyone,

Just testing out twitter authentication and ran into the following error:

Response Status code does not indicate success: 401 (Unauthorized).

To fix this, all you’ve got to do is go to you Twitter App settings and:
– Add a callback url (doesn’t have to be real)
– Check the ExternalLoginConfirmationViewModel checkbox

Unable to Find GoogleOAuth2AuthenticationOptions – MVC4/5

Hey everyone,

I was following the guide provided via the startup.auth.cs link on how to add Google authentication to your app. The problem I hit was that the example types used weren’t available, specifically GoogleOAuth2AuthenticationOptions.

Thankfully the fix fix for this was pretty easy, simply update OWIN via NuGet:

– Right click on your project
– Go to Manage NuGet Packages
– Click on the updates drop down
– Search for OWIN
– Update all of the relevant options

Thanks to this Stackoverflow post for the solution: http://stackoverflow.com/a/23606431/522859