Professional Documents
Culture Documents
WEBAPI Features and Authentication
WEBAPI Features and Authentication
WEBAPI Features and Authentication
The ASP.NET Web API is an extensible framework for building HTTP based services that can be accessed
in different applications on different platforms such as web, windows, mobile etc. It works more or less
the same way as ASP.NET MVC web application except that it sends data as a response instead of html
view.
Authentication Types
Providing a security to the Web API’s is important so that we can restrict the users to access to it. We
can provide the security in two different ways:
1. Basic authentication.
2. Token based authentication.
NuGet packages:
Microsoft.Owin.Host.SystemWeb
Microsoft.Owin.Security.OAuth
Microsoft.Owin.Cors
Token Based authentication:
Example: URL for which token based authentication is implemented (custom token)
Access Token:
o Allows you to access your Api’s without re-entering the user’s credentials.
o Each Access token has expiration time and we can set the expiration time in Startup class.
o We can regenerate the access token if it is expired.
Refresh token:
o If the current ‘Access Token’ is expires, then we can get the new access token by using ‘Refresh
Token’.
Expires_in:
o This indicate the expiration time of access token. We can customize the expiration time according
to our requirements.
Token type:
o This indicate the type of the token that we need to add in the header.