Updating my katana process for liquidating a mutual fund
We will also see how we can call this web service successfully from a typical . Hi great post, I am using this approach but I have two sites that are load balanced, do you know if it is possible to store the access tokens in a database rather than in memory as seems to be the case?
Thanks @Andy I wouldn't go with that approach as obtaining an access token should be fairly easy through the Resource Owner Password Credentials Grant and each server in your web farm should get its own copy IMO. Did you ever do the follow-up you mentioned in the summary? We need a webserver, with some webservices inside the firewall, and a web-server, with an application outside the firewall.
What we want to achieve at the end of the next two blog posts is actually very doable. OAuthDbContext class is derived from IdentityDbContext class as you see.
We want to have a console application where we handle calls to our protected web service endpoints and access them in a delegated manner which means that the client will actually access the resources on behalf of a user (in other words, resource owner). Also notice that we have another DbSet property for clients.
However, we won't be accessing the web service with resource owner's credentials (username and password). SystemWeb package which enables OWIN-based applications to run on IIS using the ASP. That will represent the information of the clients.
Instead, we will use the credentials to obtain an access token through the resource owner credentials grant and use that token to access the resources from that point on. The Client class is shown below: This is the minimum that we need from the client to register in our authorization server.
Request:

POST HTTP/1.1
User-Agent: Fiddler
Content-Type: application/x-www-form-urlencoded
Authorization: Basic NDJmZjVkYWQzYzI3NGM5N2EzYTdjM2Q0NGI2N2JiNDI6Y2xpZW50MTIzNDU2
Host: localhost:53523
Content-Length: 56

grant_type=password&username=Tugberk&password=user123456

Response:

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 550
Content-Type: application/json;charset=UTF-8
Expires: -1
Server: Microsoft-IIS/8.0
X-SourceFiles: =?

In this post, we have set up our authorization server and we have a working OAuth 2.0 token endpoint which only supports "Resource Owner Password Credentials Grant" for now.
However, I don't think this is such a good idea compared to sending the credentials through basic authentication.