Question

Hello, I am building an ASP.Net WebApi. First I authorized the WebApi using basic authentication, the .NET membership provider and the Thinktecture IdentityModel.

    var authConfig = new AuthenticationConfiguration();
    authConfig.AddBasicAuthentication((username, password) => Membership.ValidateUser(username, password));
    config.MessageHandlers.Add(new AuthenticationHandler(authConfig));

I guess it couldn't be made any easier.

To take it a step further, I've set up the Thinktecture IdentityServer, which provides me with OAuth2 tokens. My question is: how do I validate the access tokens the client sends me (the WebApi) with the identity server?

I've been looking into the AddJsonWebToken methods the IdentityModel provides, but I can't really figure out which URI (endpoint) in the IdentityServer I should call to validate the token. Probably I'm just completely lost here and missing the point; any help would be greatly appreciated!

To summarize:

How do I validate the access_tokens I receive in my WebApi, and how do I wire that to the [Authorize] attribute?

Solution

Simply call AddJsonWebToken in your Web API config, and add the issuer name, signing key and realm URI.

There is no need to call idsrv for validation.

Here's a sample: http://leastprivilege.com/2012/05/26/thinktecture-identitymodel-and-asp-net-web-api/
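Why no call back to the token service is needed, shown as an added example (not code from the post, the linked sample or Thinktecture IdentityModel): the resource server can check a JWT's signature, issuer, audience (realm) and expiry entirely on its own. It assumes an HS256 token signed with a shared symmetric key, a single-string `aud` claim and .NET 6 or later; the class name, URNs and key are constructed for the demonstration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

static class LocalJwtCheck // hypothetical name, demo only
{
    static string Enc(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] Dec(string s) => Convert.FromBase64String(
        s.Replace('-', '+').Replace('_', '/') + new string('=', (4 - s.Length % 4) % 4));
    static byte[] Sign(string input, byte[] key) =>
        HMACSHA256.HashData(key, Encoding.ASCII.GetBytes(input));

    // True only if signature, issuer, audience (realm) and expiry all check out.
    public static bool Validate(string jwt, byte[] key, string issuer, string realm, DateTimeOffset now)
    {
        try
        {
            var p = jwt.Split('.');
            if (p.Length != 3) return false;
            using var header = JsonDocument.Parse(Dec(p[0]));
            // Pin the algorithm; the token must not choose it (rejects "none").
            if (header.RootElement.GetProperty("alg").GetString() != "HS256") return false;
            if (!CryptographicOperations.FixedTimeEquals(Sign(p[0] + "." + p[1], key), Dec(p[2]))) return false;
            using var body = JsonDocument.Parse(Dec(p[1]));
            var c = body.RootElement; // claims are trusted only after the signature check
            return c.GetProperty("iss").GetString() == issuer
                && c.GetProperty("aud").GetString() == realm
                && DateTimeOffset.FromUnixTimeSeconds(c.GetProperty("exp").GetInt64()) > now;
        }
        catch (Exception) { return false; } // malformed or incomplete token: reject
    }

    static void Main()
    {
        var key = Encoding.UTF8.GetBytes("constructed-demo-key-not-a-real-secret");
        var now = DateTimeOffset.UtcNow;
        string Mint(string aud) // stands in for the token service, demo only
        {
            var h = Enc(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}"));
            var b = Enc(Encoding.UTF8.GetBytes($"{{\"iss\":\"urn:demo-idsrv\",\"aud\":\"{aud}\",\"exp\":{now.AddMinutes(10).ToUnixTimeSeconds()}}}"));
            return h + "." + b + "." + Enc(Sign(h + "." + b, key));
        }
        var good = Mint("urn:demo-webapi");
        Console.WriteLine(Validate(good, key, "urn:demo-idsrv", "urn:demo-webapi", now));                  // untouched token
        Console.WriteLine(Validate(Mint("urn:other-api"), key, "urn:demo-idsrv", "urn:demo-webapi", now)); // issued for another realm
        Console.WriteLine(Validate(good + "A", key, "urn:demo-idsrv", "urn:demo-webapi", now));            // altered signature
    }
}
```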

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow