OAuth with ASP.NET Identity

Description

This video shows how to use ASP.NET Identity, which implements OAuth, to:

1) register and sign in users

2) request an access token

3) use the access token to send authenticated requests that invoke protected web services

All the API tests will be done with Postman.

Tags:

ASP.NET, MVP, OAuth

The Discussion

  • Niner551388

    This is a great all-round introduction to Web API with OAuth as an additional bonus :)

  • David

    Couldn't a malicious user enter their user id into the idea model in the header if they wanted to delete or modify an idea that didn't belong to them? It looks like the controller just compares the userid from the identity with the userid in the idea object submitted by postman, it doesn't compare from the idea object in the db.

  • David

    Not that there was any expectation that this was production ready code, but I just tested this and yes, for sure, if you send the PUT message and specify your own user id in the Idea model payload you can modify Ideas that don't belong to your user!

  • HoussemDellai

    @David: Thank you for mentioning that. In fact, I wanted to show that you can get UserId, but it seems now that this was not the best use case.

  • mohd2sh

    Hello Hussam, can you make how to secure API with OAuth(token) in asp core, thanks in advance
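
The ownership check discussed in David's comments above, as an added example that is not code from the video: the first method compares the caller's id with the UserId in the submitted object, the second compares it with the owner stored for that record. The Idea fields, the method names and the in-memory dictionary standing in for the database are assumptions; callerId stands for the id taken from the authenticated identity.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical model; the field names are assumptions, not the video's code.
class Idea
{
    public int Id;
    public string UserId;   // owner of the idea
    public string Title;
}

static class IdeaService
{
    // Stand-in for the database table (constructed sample data).
    static readonly Dictionary<int, Idea> Db = new Dictionary<int, Idea>
    {
        { 1, new Idea { Id = 1, UserId = "alice", Title = "Alice's idea" } }
    };

    // The check as described in the comments: the owner is read from the
    // request body, so the caller controls both sides of the comparison.
    public static bool UpdateTrustingPayload(string callerId, Idea payload)
    {
        if (payload.UserId != callerId) return false;
        Db[payload.Id] = payload;
        return true;
    }

    // The owner is read from the stored record, and only editable fields are
    // copied, so the payload can neither pass the check nor reassign ownership.
    public static bool UpdateCheckingStoredOwner(string callerId, int id, Idea payload)
    {
        Idea stored;
        if (!Db.TryGetValue(id, out stored)) return false;  // 404 in an API
        if (stored.UserId != callerId) return false;        // 403 in an API
        stored.Title = payload.Title;
        return true;
    }

    static void Main()
    {
        // "bob" is authenticated as himself and sends a PUT for idea 1.
        var put = new Idea { Id = 1, UserId = "bob", Title = "changed" };
        Console.WriteLine(UpdateCheckingStoredOwner("bob", 1, put));
        Console.WriteLine(UpdateTrustingPayload("bob", put));
        Console.WriteLine(Db[1].UserId);
    }
}
```

The last line printed shows who owns record 1 after both calls, which is the value to watch when testing an update endpoint for this class of flaw.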
