
ASP.NET Web API

How to implement Client Validation Using Basic Authentication in ASP.NET Web API? The Complete ASP.NET Web API Developer Course 2022 [Videos].

In this Video, I am going to discuss how to implement Client Validation Using Basic Authentication in Web API. Please watch our previous Video before proceeding to this Video, as we are going to work with the same example. In our last Video, we discussed how to implement Token Based Authentication in ASP.NET Web API.

If you observed in the last Video, we have created the following MyAuthorizationServiceProvider class.

The first method, ValidateClientAuthentication, is responsible for validating the client. In the above example, we assumed that we have only one client, so we always return that it is validated successfully.

Let's change the requirement. Assume that we have more than one client consuming our service. In such a case, we need to validate the clients within the ValidateClientAuthentication method.

Let's see how to achieve this.

For this, we are going to use the following ClientMaster table.

Please use below SQL Script to create and populate the ClientMaster table with some test data.

USE SECURITY_DB
GO
-- Create ClientMaster table
CREATE TABLE ClientMaster
(
    ClientKeyId INT PRIMARY KEY IDENTITY,
    ClientId VARCHAR(500),
    ClientSecret VARCHAR(500),
    ClientName VARCHAR(100),
    CreatedOn DateTime
)
GO
-- Populate the ClientMaster with test data

Once you create the ClientMaster table, then you need to update the EDMX file to add the above ClientMaster table.

Create a class file with the name ClientMasterRepository.cs and then copy and paste the following code.

using System;
using System.Linq;

namespace TokenAuthenticationInWebAPI.Models
{
    public class ClientMasterRepository : IDisposable
    {
        // SECURITY_DBEntities is your Entity Framework context class
        SECURITY_DBEntities context = new SECURITY_DBEntities();

        // Checks the client credentials against the ClientMaster table.
        // Returns the matching row, or null when no client matches.
        public ClientMaster ValidateClient(string ClientID, string ClientSecret)
        {
            return context.ClientMasters.FirstOrDefault(user =>
                user.ClientId == ClientID
                && user.ClientSecret == ClientSecret);
        }

        public void Dispose()
        {
            context.Dispose();
        }
    }
}

Here we create the ValidateClient method, which is very straightforward. It takes the ClientID and ClientSecret as input parameters, checks the ClientMaster table to see whether the client is valid, and returns the client details (or null when no row matches).

Now we need to modify the ValidateClientAuthentication() method of MyAuthorizationServerProvider class as shown below.

public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    string clientId = string.Empty;
    string clientSecret = string.Empty;

    // The TryGetBasicCredentials method reads the Authorization header and
    // returns the clientId and clientSecret it carries
    if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
    {
        context.SetError("invalid_client", "Client credentials could not be retrieved through the Authorization header.");
        context.Rejected();
        return;
    }

    // Check that the client exists by calling the ValidateClient method
    ClientMaster client;
    using (var repository = new ClientMasterRepository())
    {
        client = repository.ValidateClient(clientId, clientSecret);
    }

    if (client != null)
    {
        // Client has been verified.
        context.OwinContext.Set<ClientMaster>("oauth:client", client);
        context.Validated(clientId);
    }
    else
    {
        // Client could not be validated.
        context.SetError("invalid_client", "Client credentials are invalid.");
        context.Rejected();
    }
    // Each branch above sets the final state. An unconditional context.Validated()
    // here would mark a rejected client as validated.
}

Note: We need to pass the ClientId and ClientSecret using Basic authentication in the Authorization header, i.e. in Base64 encoded format.

Modify the GetResource1 action method of the TestController as shown below.

Testing the API using Postman:

Let's first create the Base64 encoded value for the ClientID and ClientSecret by using the following website:

https://www.base64encode.org/

Enter the ClientID and ClientSecret separated by a colon (:) in “Encode to Base64 format” textbox, and then click on the “Encode” button as shown in the below diagram which will generate the Base64 encoded value.

Once you generate the Base64 encoded string, let's see how to use basic authentication in the header to pass the Base64 encoded value.

Here we need to use the Authorization header, and the value will be “BASIC” followed by the Base64 encoded string, as shown below.

Authorization: BASIC QzFBMDNCMTAtN0Q1OS00MDdBLUE5M0UtQjcxQUIxN0FEOEMyOjE3N0UzMjk1LTA2NTYtNDMxNy1CQzkxLUREMjcxQTE5QUNGRg==

Let's see the step-by-step procedure for using Postman to generate the access token.

Step 1:

Select the method as POST and provide the URI as shown in the image below.

Step 2:

Select the Header tab and provide the Authorization value as shown below.

Authorization: BASIC QzFBMDNCMTAtN0Q1OS00MDdBLUE5M0UtQjcxQUIxN0FEOEMyOjE3N0UzMjk1LTA2NTYtNDMxNy1CQzkxLUREMjcxQTE5QUNGRg==

Step 3:

Select the Body tab. Then choose the x-www-form-urlencoded option and provide the username and password values. Provide the grant_type value as password, as shown in the image below.

Now click on the Send button which will generate the access token as shown below.
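Steps 1 to 3 above can also be carried out from code, which builds the Authorization header value locally instead of pasting the ClientID and ClientSecret into an encoding website. This is an added example, not code from the article; the TokenClientExample class name is hypothetical, and the token endpoint URI is passed in by the caller because the page shows it only in an image.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;

// Added example: hypothetical client, not part of the article's project.
public static class TokenClientExample
{
    // Basic scheme: Base64 of "clientId:clientSecret". Base64 is an encoding, not encryption.
    public static AuthenticationHeaderValue BuildBasicHeader(string clientId, string clientSecret)
    {
        // The server splits at the first colon, so a colon in the id would shift the secret.
        if (clientId.Contains(":"))
            throw new ArgumentException("Client id must not contain ':'.", "clientId");
        var raw = Encoding.UTF8.GetBytes(clientId + ":" + clientSecret);
        return new AuthenticationHeaderValue("Basic", Convert.ToBase64String(raw));
    }

    public static async Task<string> RequestTokenAsync(
        Uri tokenEndpoint, string clientId, string clientSecret, string username, string password)
    {
        // The header and form body are readable on the wire, so require HTTPS
        // unless the endpoint is a local development server.
        if (tokenEndpoint.Scheme != Uri.UriSchemeHttps && !tokenEndpoint.IsLoopback)
            throw new ArgumentException("Token endpoint must use HTTPS.", "tokenEndpoint");

        using (var http = new HttpClient())
        using (var request = new HttpRequestMessage(HttpMethod.Post, tokenEndpoint))
        {
            request.Headers.Authorization = BuildBasicHeader(clientId, clientSecret);
            // Same fields as the x-www-form-urlencoded body in Step 3
            request.Content = new FormUrlEncodedContent(new Dictionary<string, string>
            {
                { "grant_type", "password" },
                { "username", username },
                { "password", password }
            });
            using (var response = await http.SendAsync(request))
            {
                var body = await response.Content.ReadAsStringAsync();
                if (!response.IsSuccessStatusCode)
                    throw new HttpRequestException(
                        "Token request failed: " + (int)response.StatusCode + " " + body);
                return body; // JSON response containing the access token
            }
        }
    }
}
```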

Once the access token is generated, we use that token to access the resources as shown below.

In the next Video, I will discuss how to generate a Refresh Token in ASP.NET Web API. Here, in this Video, I tried to explain how to implement Client Validation Using Basic Authentication in Web API with an example. I hope this Video will help you with your needs. I would like to have your feedback. Please post your feedback, questions, or comments about this Video.
