Last post May 03, 2014 03:04 PM by damienBod
May 03, 2014 02:32 PM|damienBod|LINK
I have a web app which uses OAuth2 Implicit flow for security. This works fine. Now I have a file export/download in a Web API service. I cannot use ajax to GET the file. I have to use a standard form. Due to this, I have to send the bearer token as a parameter.
How can I set up the OWIN Middleware to authorise this on the resource server? One idea is to create an extra OWIN Middleware which intecepts the request and adds the token to the header. I'm not certain if this is a good idea.
Would be greatful for any help or best practices.
May 03, 2014 02:47 PM|BrockAllen|LINK
Looks like there's an event on the OAuthBearerAuthenticationProvider called RequestToken -- you might be able to hook this and then read the token from your custom param.
May 03, 2014 02:50 PM|damienBod|LINK
Thanks, I try this
May 03, 2014 03:04 PM|damienBod|LINK
Thanks a million
That works perfect.