OAuth with ASP.NET Identity

Download this episode

Download Video

Download captions

Download Captions

Description

This video will show you how to use ASP.NET Identity that implements OAuth to:

1) register and signing users

2) request Access Token

3) use the access token to send authenticated requests to invoke protected web services

All the API tests will be done with Postman.

Tags:

ASP.NET, MVP, OAuth

Embed

Format

Available formats for this video:

Actual format may change based on video formats available and browser capability.

    The Discussion

    • User profile image
      Niner551388

      This is a great all-round introduction to Web API with OAuth as an additional bonus :)

    • User profile image
      David

      Couldn't a malicious user enter their user id into the idea model in the header if they wanted to delete or modify an idea that didn't belong to them? It looks like the controller just compares the userid from the identity with the userid in the idea object submitted by postman, it doesn't compare from the idea object in the db.

    • User profile image
      David

      Not that there was any expectation that this was production ready code, but I just tested this and yes, for sure, if you send the PUT message and specify your own user id in the Idea model payload you can modify Ideas that don't belong to your user!

    Add Your 2 Cents