Here, I’m continuing with my ASP.NET Web API series. I hope you are enjoying this. Today, we will learn how we can authenticate our ASP.NET Web API application. You can follow my other articles of this series.
In this article, I’m using Visual Studio 2013. With the help of Fiddler, we can make HTTP requests and inspect the responses that come back. Follow the steps in the screenshot below to create an application.
Select the Web API template from the templates and choose the authentication you want by clicking on Change Authentication. The Individual User Accounts option is for applications that store user profiles in a SQL Server database. With it, users can register, or sign in using an existing account for Facebook, Twitter, Microsoft, Google, or another provider of your choice.
After the previous article, you probably know about the Values Controller, which is our API controller. In this controller, we can call everything just like in an MVC controller. It contains the HTTP methods. I want to make some changes in my string.
So, in a Web API solution, you have three controllers: Account, Home, and Values. The Account Controller is responsible for the authentication logic, while the Home Controller is our MVC controller where you can work with views.
In the Values Controller, remove the [Authorize] attribute and run your application. In the URL, "api" is the prefix and "Values" is your Web API controller. With the attribute removed, the request needs no credentials, so here we get the string back as XML.
Under the Account Controller, you’ll find the Register method that we’ll work on today. What about the other methods under the Account Controller? It is mandatory to run your application once again.
The UI is available. Click on “API”.
In this API, you will find the Account and Values Controllers (API controllers). In the Account Controller, you can see there are many APIs, such as UserInfo, Logout, and so on. But we’ll work on the Register method. In the Values Controller, there are several HTTP methods. Click on the Register method to see how many strings there are.
In the screenshot below, you can see how to call this API. POST is the HTTP method, which means the request is of type POST, and the URL is api/Account/Register. To call this API, I’ll use Fiddler.
So, what is Fiddler and what can Fiddler do for us?
For this, you can visit my first article of Web API series.
Now, I hope you know Fiddler better. Enter the web URL and create a JSON request in the request body, adding the HTTP header called Content-Type. Click on the Execute button at the top right of the window. Make sure your application is running.
The request will be processed. It might take a few minutes because Visual Studio sets up the database environment the first time. After this, you will get a 200 response, which means we posted our data. The response to your request is as follows.
What changes do you think might have happened in your project? Let’s check it out. Go back to your solution, open Server Explorer, and refresh Data Connections. There are several tables in the Tables folder.
Right click on one of the users tables and explore its data.
Now, you have a user. What can you do now? You may have noted that there is no specific API for login in the Account Controller, so how can we call the Values Controller?
So, we can get the login information from Startup.Auth.cs. This file contains lots of important properties, like TokenEndpointPath, which is the path for logging in with a token. One more thing: you have to write [Authorize] at the top of your Values Controller.
Now, the URL and the content header change. The grant_type in the request body is entered by the user to generate the access token. Make the request by clicking on Execute.
I’ve made the request successfully, with a 200 response. So, we get the data that we requested. In the JSON tab, we have a token generated by the server along with the token type, which says how the token is used to get access. Go to the Raw tab and copy the actual token from there. Then, paste it into Notepad for further use.
To call the Values Controller, make some changes in Fiddler once again. This time, the HTTP request is “Get” and the URL is that of the “Values Controller”. Pass the Authorization header with the Bearer scheme followed by the access token, as in the following figure. Hit the Execute button.
We have a successful 200 response. In the JSON tab, you can see I got the string that is in my Values Controller.
Now, we make a request without any token or header. Remove them all and hit the Execute button.
Here, we got a 401 Unauthorized error. That means the request is unauthorized and you can’t access the Values Controller.
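The Fiddler steps above as a small console client, added here as an example and not part of the original article's project. The port, the test account, the register field names (Email, Password, ConfirmPassword), the /Token path and the access_token field are assumptions based on the template defaults; check TokenEndpointPath in Startup.Auth.cs and the Register help page for your own values.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

class TokenFlowDemo
{
    // Assumptions: local dev URL with a placeholder port, and a throwaway test account.
    const string BaseUrl = "http://localhost:12345";
    const string Email = "demo@example.test";
    const string Password = "Placeholder-Passw0rd!";

    static async Task Main()
    {
        using var http = new HttpClient { BaseAddress = new Uri(BaseUrl) };

        // 1. Register: POST api/Account/Register with a JSON body (Content-Type: application/json).
        //    Field names are assumed; a second run reports an error status for the duplicate user.
        var json = JsonSerializer.Serialize(new { Email, Password, ConfirmPassword = Password });
        var reg = await http.PostAsync("api/Account/Register",
            new StringContent(json, Encoding.UTF8, "application/json"));
        Console.WriteLine($"Register:   {(int)reg.StatusCode}");

        // 2. Token: form-encoded POST to the token endpoint (assumed /Token) with grant_type.
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "password",
            ["username"] = Email,
            ["password"] = Password
        });
        var tokenResp = await http.PostAsync("Token", form);
        tokenResp.EnsureSuccessStatusCode();
        using var doc = JsonDocument.Parse(await tokenResp.Content.ReadAsStringAsync());
        string token = doc.RootElement.GetProperty("access_token").GetString();

        // 3. Call the [Authorize]-protected controller with no Authorization header.
        var anon = await http.GetAsync("api/Values");
        Console.WriteLine($"No token:   {(int)anon.StatusCode}");

        // 4. Same call with "Authorization: Bearer <token>".
        var req = new HttpRequestMessage(HttpMethod.Get, "api/Values");
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        var auth = await http.SendAsync(req);
        Console.WriteLine($"With token: {(int)auth.StatusCode}");
    }
}
```

Run it while the Web API application is running; the last two lines let you compare the status codes with and without the token, which is a quick check that [Authorize] is actually in place on the controller.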
Thanks for reading this article. Stay tuned with me for more on ASP.NET Web API.