Token end point not resolving against a controller type
20-12-2019
Question
I've been trying to follow examples of how to configure Web Api to use bearer tokens with Asp.Net Identity 2.0, and I've run into a hiccup. Following this tutorial http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api it states that I should be able to post to http://{servername}/Token to get a bearer token. When I do this, I get an exception from Castle Windsor when it tries to resolve Token as a controller.
What I'm trying to accomplish overall is to sign in using the canned Account controller and then retrieve a token. I am trying to use both cookies and bearer tokens.
- Is this the right approach, to use the default account controller to authenticate?
- If this is not the correct approach, should I follow the tutorial more closely and have the user sign in against an API controller?
- What do I need to do for my IoC configuration to make sure my end points resolve?
Solution
Authorization in WebApi should be handled in a MessageHandler, not at controller level.
You should create a MessageHandler responsible for verifying an OAuth Bearer Token: that message handler may (should) be resolved by your IoC and then configured in the WebApi pipeline.

    using System.Web.Http;
    using Castle.Windsor;

    // Resolve the handler from the Windsor container and add it to the Web API pipeline.
    public static void RegisterGlobalHandlers(HttpConfiguration config, IWindsorContainer container)
    {
        var authorizationMessageHandler = container.Resolve<AuthorizationMessageHandler>();
        config.MessageHandlers.Add(authorizationMessageHandler);
    }

DotNetOpenOAuth is a great place to start: have a look at the MVC5 sample/message handler implementation.
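A sketch of what the `AuthorizationMessageHandler` registered above could look like, as an added example that is not part of the original answer or of DotNetOpenOAuth. `ITokenValidator` is a hypothetical interface standing in for whatever verifies the token, and Web API 2 is assumed for `GetRequestContext()`.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical abstraction (not from the original answer): returns the
// caller's principal for a valid token, or null when validation fails.
public interface ITokenValidator
{
    ClaimsPrincipal Validate(string token);
}

public class AuthorizationMessageHandler : DelegatingHandler
{
    private readonly ITokenValidator _validator;

    // Windsor supplies the validator when the handler is resolved.
    public AuthorizationMessageHandler(ITokenValidator validator)
    {
        _validator = validator;
    }

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        AuthenticationHeaderValue auth = request.Headers.Authorization;

        // No bearer credentials: pass through unauthenticated so cookie
        // authentication and [Authorize] can still make the decision.
        if (auth == null || !string.Equals(auth.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase))
            return base.SendAsync(request, cancellationToken);

        ClaimsPrincipal principal = string.IsNullOrEmpty(auth.Parameter)
            ? null
            : _validator.Validate(auth.Parameter);
        if (principal == null)
        {
            // A token was presented but is missing or invalid: fail closed with 401.
            var response = new HttpResponseMessage(HttpStatusCode.Unauthorized) { RequestMessage = request };
            response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Bearer"));
            return Task.FromResult(response);
        }

        // Attach the identity to this request only, not to shared thread state.
        request.GetRequestContext().Principal = principal;
        return base.SendAsync(request, cancellationToken);
    }
}
```

A handler added to `config.MessageHandlers` is a single instance shared by all requests, so the validator injected into it must be thread-safe and must not hold per-request state.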