OAuth with ASP.NET Identity


This video shows how to use ASP.NET Identity, which implements OAuth, to:

1) register and sign in users

2) request an access token

3) use the access token to send authenticated requests that invoke protected web services

All the API tests will be done with Postman.





The Discussion

  • This is a great all-round introduction to Web API with OAuth as an additional bonus :)

  • Couldn't a malicious user enter their user id into the idea model in the header if they wanted to delete or modify an idea that didn't belong to them? It looks like the controller just compares the userid from the identity with the userid in the idea object submitted by Postman; it doesn't compare from the idea object in the db.

  • Not that there was any expectation that this was production ready code, but I just tested this and yes, for sure, if you send the PUT message and specify your own user id in the Idea model payload you can modify Ideas that don't belong to your user!

  • @David: Thank you for mentioning that. In fact, I wanted to show that you can get UserId, but it seems now that this was not the best use case.

  • Hello Hussam, can you make one on how to secure an API with OAuth (token) in ASP.NET Core? Thanks in advance.

  • @HoussemDellai: Then what would be the best case if this is not good, as @David mentioned in the above comments?
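The ownership check discussed in the comments above, shown as an added example that is not code from the video or its author: the payload-trusting comparison sits beside a version that compares the authenticated id with the owner stored in the database. The `Idea` class, the in-memory `Db` and both method names are hypothetical stand-ins; in a Web API controller the authenticated id would come from `User.Identity.GetUserId()` rather than a parameter.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical model; the dictionary stands in for the database table.
public class Idea
{
    public int Id { get; set; }
    public string Title { get; set; }
    public string UserId { get; set; }   // owner of the idea
}

public static class IdeaService
{
    public static readonly Dictionary<int, Idea> Db = new Dictionary<int, Idea>();

    // Pattern described in the comments: the owner check reads UserId from
    // the request body, which the caller fully controls.
    public static bool UpdateTrustingPayload(string authenticatedUserId, Idea payload)
    {
        if (payload.UserId != authenticatedUserId) return false;
        if (!Db.ContainsKey(payload.Id)) return false;
        Db[payload.Id] = payload;            // also overwrites the stored owner
        return true;
    }

    // Corrected: load the stored record, compare its owner with the
    // authenticated identity, and copy only editable fields (never UserId).
    public static bool UpdateCheckingStoredOwner(string authenticatedUserId, Idea payload)
    {
        Idea stored;
        if (!Db.TryGetValue(payload.Id, out stored)) return false;   // 404 in a controller
        if (stored.UserId != authenticatedUserId) return false;      // 403 in a controller
        stored.Title = payload.Title;
        return true;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data: idea 1 belongs to "alice"; "bob" is the
        // authenticated caller and puts his own id in the payload.
        IdeaService.Db[1] = new Idea { Id = 1, Title = "Alice's idea", UserId = "alice" };
        var payload = new Idea { Id = 1, Title = "changed", UserId = "bob" };
        Console.WriteLine(IdeaService.UpdateCheckingStoredOwner("bob", payload));
        Console.WriteLine(IdeaService.UpdateTrustingPayload("bob", payload));
    }
}
```

The corrected method is called first because the payload-trusting one replaces the stored record, owner included, once it accepts the request.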
