Last post Feb 14, 2015 10:45 AM by Graham_Wright
Feb 11, 2015 10:48 AM|Graham_Wright|LINK
I have an extensive Web site written using MVC 4 and using ASP.Net membership for authentication (aspnet_Membership, aspnet_Users tables etc.).
I want to add on a gateway for mobile apps that use OAuth tokens as implemented in Visual Studio 2013 / MVC 5 using the OAuth support when using the Web API controller.
This will be a separate site but I want to access the user credentials in the ASP.Net membership tables.
The ApplicationOAuthProvider uses the new ASP.Net Identity framework.
Is there any way I can make the GrantResourceOwnerCredentials use the old the ASP.Net membership framework ?
Feb 12, 2015 11:05 PM|Michelle Ge - MSFT|LINK
So far as I know, to authenticate users with credentials from an external provider, you must register your web site with the provider. When you register your site, you will receive the parameters (such as key or id, and secret) to include when registering
For more information about using ApplicationOAuthProvider , please refer to the link below:
Hope it's useful for you.
Feb 12, 2015 11:17 PM|Graham_Wright|LINK
Thanks for your response but I don't want to authenticate against an external OAuth provider (this is well documented, including the URL you supplied).
I want to authenticate against my old Asp.Net Membership database but feed this into the new Asp.Net Identity framework so I can support token authentication for use in mobile apps. This is poorly documented and the example at
https://code.msdn.microsoft.com/Simple-Aspnet-Identiy-Core-7475a961 does not work
Feb 13, 2015 02:12 PM|GrahamS44|LINK
Precisely what i am also trying to do.
Have a new MVC5 app - added an ApiController to it, now want a remote app to be able to send authentication tokens, but ALL the code I have seen says post the grant-password request to /token.
BUT in MVC5 /Token doesn't get defined in Startup.Auth - like ALL the examples show it as.
Driving me nuts - it 'should' be such an integral part of MVC5 :-((.
Anybody shed some light please ???.
All the example code I can find seems to be irrelevant for use with MVC5 :-(( - its all completely different and the MVC5 templates generated are so full of cookies, google, facebook and everything BUT OAuth :-((.
There are examples which say MVC5 has made OAuth easy - hah - you must be joking......
Feb 14, 2015 10:43 AM|Graham_Wright|LINK
OK I have got something working.
I still have some tidying up to do but what I have done is
1) Overwrite ApplicationUserManager:FindAsync in IndentityConfig.cs
2) Verify the user entry in the old aspnet_User and aspnet_Membership tables.
3) This requires being able to reproduce the old password hashing algorithm (luckly in my case we were using a bespoke function so I had the code)
4) The problem I had is that although I had verified the incoming user an ApplicationUser the generation of the token by the rest of the Identity framework expects an entry in the new AspMembership table.
5) I have got around this using an SQL script to duplicate the users from the old Membership tables in the new Identity table.
6) I am going see if I can create these entries on the fly as part of the verification of the incoming call.
Hope this information helps.
- Graham (Wright)
Feb 14, 2015 10:45 AM|Graham_Wright|LINK
Point 4 should say "and created an ApplicationUser, "