Last post Jun 28, 2016 10:16 PM by halhunt
Jun 27, 2016 12:54 AM|halhunt|LINK
Greetings all. I've put together a very simple personal activity tracking system using Visual Studio 2015's ASP.NET 4.6.1 SPA template. It works great. Now I would like to call that same REST web API using anything other than the SPA itself. I've creating
numerous web API projects before that utilize OWINs oauth middleware and could always test those APIs using Fiddler. So I'm very familiar with the steps that need to be taken in Fiddler to accomplish those tasks (i.e. posting to the oauth server's token endpoint
using a form encoded body like grant_type=password&username=blah&password=blah and using the returned access token in subsequent web API calls). However this approach won't work with the web APIs created using the SPA template. No matter what I do I get
an "invalid_client" trying to call the oauth server's token endpoint. What gives? Thanks in advance!
Jun 27, 2016 07:52 AM|Fei Han - MSFT|LINK
You could refer to the following articles to build a SPA and display the data using Web API.
Jun 27, 2016 09:08 PM|halhunt|LINK
Thanks for the response Fei but apparently my post is confusing based on your response. Neither of the links you provided appear to even use authentication in the web API. This post is all about OAuth authentication (perhaps a badly titled post :-/).
Again, the solution I built with the SPA template works perfectly fine so I don't need another tutorial. I need to be able to call the Web API that I built using the SPA template from another type of client. By another type of client I mean a client other
be very different from the OAuth authentication flow in a typical ASP.NET Web API 2 template. So is it possible to call my SPA web API (that requires authentication) from, for example, a C# solution? If so what does the OAuth authentication flow look like
because calling OWIN's OAuth middleware token endpoint to get an access token like normal isn't working (as stated above).
I hope this makes more sense. BTW my solution was created using the older MVC5 framework not the new xplat MVC6/ASP.NET Core framework.
After doing some more research and comparing the ASP.NET SPA and MVC Web API 2 templates the Statup.Auth.cs and ApplicationOAuthProvider.cs files in those templates are very different.
Is it possible to get both browser based and server based OAuth flows working together with the same ApplicationOAuthProvider?
Jun 28, 2016 10:16 PM|halhunt|LINK
Well this article seems to suggest that it is possible to support multiple OAuth2 authorization flows (i.e. authorization code grant, implicit grant, resource owner password credentials grant, and client credentials grant). I wonder why the two ASP.NET
project templates don't use the same OAuth2 server configuration, code, etc.???