
Token-based authentication works as follows:
- A user enters a username and password into the client (the client being a browser, a mobile app, etc.).
- The client sends these credentials (username and password) to the Authorization Server.
- The Authorization Server validates the credentials and, if they are valid, generates and returns an access token. The access token contains enough information to identify the user and also carries the token's expiry time.
- The client application then includes the access token in the Authorization header of each HTTP request for restricted resources on the Resource Server, until the token expires.
Single Sign On (SSO): a property of an authentication mechanism whereby one user identity is used to grant access across multiple Service Providers.
Federation: common standards and protocols for managing and mapping user identities between Identity Providers across organizations (and security domains) via trust relationships, usually established with digital signatures, encryption, and PKI.
The IHttpActionResult interface was introduced in Web API 2. Essentially, it defines an HttpResponseMessage factory. Some advantages of using the IHttpActionResult interface:
- It simplifies unit testing of your controllers.
- It moves the common logic for creating HTTP responses into separate classes.
- It makes the intent of the controller action clearer by hiding the low-level details of constructing the response.
IHttpActionResult contains a single method, ExecuteAsync, which asynchronously creates an HttpResponseMessage instance.
The ResponseType attribute is helpful for auto-generating documentation in tools like Swagger / Swashbuckle.
The CreatedAtRoute method is intended to return the URI of the newly created resource when a POST method stores a new object. So if you POST an order item, for instance, you might return a route like 'api/order/11' (11 being the id of the new order).
ModelState.IsValid tells you whether there are any issues with the data posted to the server, based on the data annotations added to the properties of your model. If, for instance, you have a [Required(ErrorMessage = "Please fill")] annotation and that property is empty when you post your form to the server, ModelState will be invalid. The ModelBinder also checks some basic things for you. If, for instance, you have a BirthDate datepicker and the property it binds to is not a nullable DateTime type, your ModelState will also be invalid if you leave the date empty.
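The four items above (IHttpActionResult, ResponseType, CreatedAtRoute and ModelState.IsValid) together with the [Authorize] attribute from the final project, combined in one Web API 2 controller. This is an added example, not the class code from the links below; the Order model, OrderController and the in-memory list are assumptions, and attribute routing assumes config.MapHttpAttributeRoutes() is called in WebApiConfig.

```csharp
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Web.Http;
using System.Web.Http.Description;

// Hypothetical model; the [Required] annotation is what drives ModelState.IsValid.
public class Order
{
    public int Id { get; set; }
    [Required(ErrorMessage = "Please fill")]
    public string Product { get; set; }
    public int Quantity { get; set; }
}

[Authorize] // every action requires a valid bearer token from the /Token endpoint
[RoutePrefix("api/order")]
public class OrderController : ApiController
{
    // Constructed in-memory store standing in for a database (not thread-safe; demo only).
    private static readonly List<Order> Orders = new List<Order>();

    // GET api/order/11 -> 200 with the order, or 404 if the id is unknown.
    [HttpGet, Route("{id:int}", Name = "GetOrderById")]
    [ResponseType(typeof(Order))]
    public IHttpActionResult GetOrder(int id)
    {
        var order = Orders.FirstOrDefault(o => o.Id == id);
        if (order == null) return NotFound();
        return Ok(order);
    }

    // POST api/order -> 201 Created with a Location header pointing at the new order.
    [HttpPost, Route("")]
    [ResponseType(typeof(Order))]
    public IHttpActionResult PostOrder(Order order)
    {
        // Data-annotation failures (e.g. a missing Product) come back as 400 with details.
        if (order == null || !ModelState.IsValid) return BadRequest(ModelState);

        // Never trust a client-supplied Id; assign it on the server.
        order.Id = Orders.Count == 0 ? 1 : Orders.Max(o => o.Id) + 1;
        Orders.Add(order);

        // Resolves the named GET route above to e.g. /api/order/11 for the Location header.
        return CreatedAtRoute("GetOrderById", new { id = order.Id }, order);
    }
}
```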
Final project Part III:

More topics covered:
- [Authorize]
- Web API users table
- Password requirements modification
Links:
- Class code: IHttpActionResult and ResponseType
- Class code: Token-based authentication flow
- Class code: Easier password code snippet
- Class code: C# REST client for token-based auth
- Web API with Individual Accounts – MSDN link
- Web API authentication tutorial
- Lesson Summary Video!
