Using fiddler to test ASP NET Web API token based authentication

Рет қаралды 203,496

Күн бұрын

In this video we will discuss how to test ASP.NET Web API token based authentication using fiddler.
Text version of the video
csharp-video-tu...
Healthy diet is very important both for the body and mind. If you like Aarvi Kitchen recipes, please support by sharing, subscribing and liking our KZbin channel. Hope you can help.
/ @aarvikitchen5572
Slides
csharp-video-tu...
All ASP .NET Web API Text Articles and Slides
csharp-video-tu...
All ASP .NET Web API Videos
• ASP.NET Web API tutori...
All Dot Net and SQL Server Tutorials in English
www.youtube.co...
All Dot Net and SQL Server Tutorials in Arabic
/ kudvenkatarabic
In our previous video we have registered a new user with the following email address and password. The username is also the email address.
Email : test1@test.com
Password : Test123!
Now let's use fiddler and generate the access token using the above username and password. Use the Composer tab in Fiddler to compose a request.
Issue a POST request to /token
In the request body include username and the password.
We also need to set grant_type=password. This indicates that we are presenting password for acquiring access token.
With the above configuration in place, click the Execute button in Fiddler. Notice we get the access token back. You can also see when the token is issued and when it expires.
Now let's understand how the access token is generated.
The code that generates the access token is provided by ASP.NET Web API out of the box. To see this code open the file "Startup.Auth.cs" that is present in App_Start folder. Notice in the ConfigureAuth() method
1. An instance of OAuthAuthorizationServerOptions is created
2. The /Token end point to which we have posted username and password is specified in here
3. The token expiry is specified using AccessTokenExpireTimeSpan property. In this case the token expires 14 days after it is issued. You can change this to meet your application needs.
4. The Provider property is initialized with a new instance of ApplicationOAuthProvider class. This class has GrantResourceOwnerCredentials() method which verifies if the provided username and password are valid. If valid an access token is issued. The token is generated when context.Validated(ticket) method is called.
Now let us see how to call EmployeesController and retrieve employees data.
If we issue a GET request to /api/employees we get 401 Unauthorized error. Since the EmployeesController is decorated with [Authorize] attribute, the request needs to be authenticated. So with every request we have to send the Bearer token using Authorization header
In our next video we will discuss implementing the Login page for the sample application that we have been working with in this series.

Пікірлер: 74

@marcusveloso5048 7 жыл бұрын

Thanks man, this really helped me A LOT!

@Csharp-video-tutorialsBlogspot 7 жыл бұрын

Thank you very much for taking time to give feedback. This means a lot. I am very glad you found the videos useful. I have organised all the Dot Net & SQL Server videos in to playlists, which could be useful to you kzbin.infoplaylists?view=1&sort=dd If you need DVDs or to download all the videos for offline viewing please visit www.pragimtech.com/order.aspx Slides and Text Version of the videos can be found on my blog csharp-video-tutorials.blogspot.com Tips to effectively use my youtube channel. kzbin.info/www/bejne/r2ibYYCtnb5qZtU If you want to receive email alerts, when new videos are uploaded, please subscribe to my youtube channel. kzbin.info If you like these videos, please click on the THUMBS UP button below the video. May I ask you for a favor. I want these tutorials to be helpful for as many people as possible. Please share the link with your friends and family who you think would also benefit from them. Good Luck Venkat

@omkarmanjare4936 7 жыл бұрын

I have been mastering the windows platform tools and technologies by your videos... I have witnessed change in your voice and speed throughout these years.... Thanks a lot for years of knowledge transfer...

@chandanadas7860 4 жыл бұрын

you teach the thing so Well and Precise..i can listen you for long and have learned a lot.your accent is nicely spoken.always wondered you should have 2M subs.i have so many doubt from the college days to till working have been cleared.thanks to you.

@itspreethisworld848 6 жыл бұрын

i cant thank you enof for the awesome tutorials you provide, the questions which arises in my mind are immediately answered by you, i appreciate the way you think from a student perspective, May whole universe bless you and your teaching never stops.

@sudarshanjadi4537 7 жыл бұрын

The tutorials are really really helpful, these really boost ones confidence, great content with precise information, wonderful clarity

@shingao247 7 жыл бұрын

Your videos save my life. Thanks Sir, Keep going..

@knp5301 4 жыл бұрын

Sir Amazing Videos.Very very Useful for carrier.

@richard_popov 6 жыл бұрын

You save my life! Thank you for your tutorials

@FlyingSeaHorseInTheSky 4 жыл бұрын

where did you write token api?? I checked through part 20-23, didn't find it.

@jeewanintube 7 жыл бұрын

Thank you Master Venkat. Please Cover, file upload and MultiPart MIME if possible.

@ashuuas 3 жыл бұрын

Thank You man you are Best..

@kathiravankkathir 7 жыл бұрын

Thanks for your valuable video tutorials

@ShaoranDas59884 6 жыл бұрын

Thank you, it's a complete guide! Go on!

@AliHassanLearnMVC 7 жыл бұрын

please make a video tutorial on asp.net mvc user roles and rights management ..and assigning different roles to different users ....Thanks in Advance...

@bassemzaitoun3724 7 жыл бұрын

Thank you for you helpful courses, just I didn't understand the Provider class, is it a new class I have to create or it has need created with the OAuth?

@JaydeepSakariya99 7 жыл бұрын

Great Explanation... Thanks..

@amjadaslam5270 7 жыл бұрын

these tutorials are good but i am little bit confuse. i want to use totally code my self. how can we use database first entity frame work here

@SIRborioVojta 4 жыл бұрын

Could somebody please help me?? When I try running this project on IIS then /token and all /api/account/... don't work

@AliHassanLearnMVC 7 жыл бұрын

very nice tutorial....

@saurabhverma3579 5 жыл бұрын

please make complete tutorial on xamarin for android app

@wamiqmisbah6503 6 жыл бұрын

when token assigned to authorised header and goes to the server then how server know's that this token belongs to which user?Does it have any copy of token at server side for compare?

@ej2649 7 жыл бұрын

I like the video but I don't understand how token is generated by the class. If those authorization classes are not created by the web api project, how can we create them? looks like it's kind of advance concept here beyond of my level.

@sharathbabumahankali7868 5 жыл бұрын

Can u make a video for that startup class and providers class

@CheeseBae 5 жыл бұрын

Fiddler works OK here, but I prefer to use Postman.

@krishnakishore2539 4 жыл бұрын

Hi Kudvenkat, In OauthAuthorizationserverOtions who will validate the generated token. if i modify the token how will it know the token has been changed. Is Owin running seperate server for validating tokens ?

@AnkitGupta-df9xo 5 жыл бұрын

Hi Sir, I am not able to call the token api from another port. It throws an error of cross origin but I have enable the cors in my webApi though it works fine if I request from fiddler

@alenagontarenko3454 5 жыл бұрын

Thank you!!!!!!!!!!!!!!!!!!!!!!!

@junaidameen8303 7 жыл бұрын

What if I don't want my webapi to be called even if I provide access token by fiddler and try to access webapi. Webapi should work only if request is coming from my site. could you please explain how can we achieve it?

@muhammadrehbarsheikh8498 7 жыл бұрын

thank you venkat sir.

@lifaspk 6 жыл бұрын

Hi Sir, I have an issue while testing Web API in fiddler,unnecessary traffics are created endless and i couldn't clear that,as its again creating.Any solution .Thank You in advance

@balajiravi6961 4 жыл бұрын

Hello, I am facing the same 401 unauthorized error in c#, how do I get the token in runtime. Because it is keep getting expired

@kavithavishwanathen6778 7 жыл бұрын

Thank You Sir !!!

@dellajoseph302 4 жыл бұрын

i am getting error while execute the fiddler with Rest Api request, could you please tell me the reason? i have given api url and body

@hermescondez6060 6 жыл бұрын

How can I configure this as a sub site. Its parent is using Windows Authentication

@ChandanKumar-ik8pf 7 жыл бұрын

While passing the get request with token value I am getting this error..{ "message": "An error has occurred.", "exceptionMessage": "The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters. ", "exceptionType": "System.FormatException", "stackTrace": " at System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength) at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength) at System.Convert.FromBase64String(String s) at EmployeeService.BasicAuthenticationAttribute.OnAuthorization(HttpActionContext actionContext) in e:\\RnD\\WebAPI\\Kudvenket\\EmployeeService\\EmployeeService\\BasicAuthenticationAttribute.cs:line 26 at System.Web.Http.Filters.AuthorizationFilterAttribute.OnAuthorizationAsync(HttpActionContext actionContext, CancellationToken cancellationToken) --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Filters.AuthorizationFilterAttribute.d__2.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Controllers.AuthenticationFilterResult.d__0.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Http.Dispatcher.HttpControllerDispatcher.d__1.MoveNext()" }do I need to convert the token to base 64??

@remiduplan8449 6 жыл бұрын

Hello ! I have no Auth.Startup.cs .... why ? i have create an asp.net website and choosen personnal user account as authentification. i've done the samne thing with a webApi project .... i don't get it ? why ? What do I need to have these files ? please. Thank you.

@MrDpk27 6 жыл бұрын

thank you sir .

@m7madonly 7 жыл бұрын

not working in asp.net identity 2.2.1, how do i obtain token in this version ?

@pritishrivastava4747 4 жыл бұрын

I created the token and When I am running get verbs with Fidler getting this message Authorization has been denied for this request

@tabunaul232 4 жыл бұрын

same here

@srinivaseppakayala236 6 жыл бұрын

HI Venkat , Each time we are passing access token to get the access but can you please explain how server validates the token that we have sent for each request

@skandavishwanath6459 4 жыл бұрын

From where did we get method "TOKEN" in URI localhost:34838/token, can anyone pls tell. What if I don't have to use database for crosschecking username and password instead use username and password in web config file and compare the credentials

@vivekverma319 5 жыл бұрын

I did not get about /token , where it came from? pls clarify me. From where I can get this file "Startup.Auth.cs".

@its4zahoor 5 жыл бұрын