PS: I'm just beginner in ASP.NET WebAPi so please bear with me.
We have just recently learned about Token Based Authentication via video tutorial and other websites, TBA creates a database (mdf) that stores the users who can login on the webAPI application, and this is good, but the only problem on our side is we have
a existing user database, that is been used by multiple applications, we cannot modify all of our applications just to connect on the TBA's users database, is there a other way around to customize this for our database? I tried to search on the net but we
haven't found a site that suit our needs or understandable on our level.
Here's the stracture of our User's table
tblCCPUsers
UserID
UserFullName
UserPassword
Dept
Position
Active
as you can see we have different format that the TBA's user database, changing it to another might take a while and our bosses want's to take the change for next year, but our current 2 project that is using webapi, must be implemented within the year, the
only problem is that project 2 will get the webapi method from project 2, and both has a username and password, token based authentication is the answer for this and we can also on who's user that call's the method, does someone here successfully customize
their TBA into a existing user database? kindly give us a simple explanation as we are a beginner on using ASP.NET webAPI
That is up to you have to validate the username/password according to current database schema . Normally the client app will send the token request to web api , web api side will validate the credential and create the access token to your client app , client
app can send http request with token as authorization header to web api , for accessing protected actions .
The validation of credential the process you can fully customize to fit your requirement , connect to your exist database , validate the credential .
Best Regards,
Nan Yu
MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
I'm thinking on how to do that, we are not experienced on using EntityFramework, so we are using ADO.NET (SQLClient) which is "dim sqlConn as new sqlConnection" coding, do you have any example that we can follow??
I'm expecting to create a basic authentication and under it's ajax is another ajax that has the token based authentication, but the problem is we have to register all the user's to the TBA's database, do you have a sample code for this?
I'm expecting to create a basic authentication and under it's ajax is another ajax that has the token based authentication, but the problem is we have to register all the user's to the TBA's database, do you have a sample code for this?
An authentication protocol and a database are two different concepts. You can reuse any user account data store for use in token based authentication.
In client you can post username/password to web api side , web api validate the credential in your exist database , use ADO.NET :
protected void ValidateUserInfo(string user, string pass)
{
SqlConnection connection = new SqlConnection("YOUR CONNECTION STRING HERE");
string sql = "SELECT * FROM TableName WHERE UserID = @username AND Password = @password";
SqlCommand cmd = new SqlCommand(sql,connection);
cmd.Parameters.AddWithValue("@username", user);
cmd.Parameters.AddWithValue("@password", pass);
connection.Open();
DataTable dt = new DataTable();
SqlDataAdapter ad = new SqlDataAdapter(cmd);
ad.Fill(dt);
if (dt.Rows.Count > 0) { //check if the query returns any data
//Valid Username and Password
Response.Redirect("Default.aspx");
}
else
{
Response.Write("INVALIDname and Password, Try Again!");
}
connection.Close();
}
Then you can create token and return back to client .
Best Regards,
Nan Yu
MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
I think my question got everyone confused, okay so here we go
first I want to replace to existing Token Based Authentication database with our existing database, inshort, we want all our employees to access the web api, for example:
We have a 5 Web Applications, App1 is a Inventory/Trucking application it has a many functionalities and procedures, , while App2 is the application for function room and training room reservation, App3 is
the finance application, App4 is the travel application, now App5 is the centralized approval application which all the Approval functionalities of all the 4 applications is in there (all are ASP.NET Web
API Site), this app has been created for the purpose that all Managers and Up can view all the list of transactions for their approval. each site has a login page, with username and password from our existing database.
We want to try to change it from our existing to the TBA but it will take time and our developers must update all of our projects.
So what's the reason why I want the employees to web api method? because we need to know who is the user who use that method, all the transactions must be logged.
I do understand how the Web API and token based authentication work, and how you can give access to a client to access the site, but for us we have existing user database, what I want to know is how can we change the authentication of the Web API to our
existing database, please feel free to ask any question if you are getting confused on my question
I didn't say the our password is stored in our database as clear text, our passwords is encrypted on our database as part of our IT Security protocol, thanks.
I do understand how the Web API and token based authentication work, and how you can give access to a client to access the site, but for us we have existing user database, what I want to know is how can we change the authentication of the Web API to our existing
database, please feel free to ask any question if you are getting confused on my question
We are confused because token based authentication has little to do with your data access layer. Why are you having trouble accessing an existing database?
Is the actual issue you need to customize an API like Identity to work with an existing database?
A token, and I assume a JWT token, is signed by the token server when it is created. The remote secured resources know how to validate the token and extract user information.
As @mgebhard said , How to connect to your database and validate the credential is up to you , that is not related to token based authentication . The token is used to access your protected api , i can't understand what is your issue in your scenario .
Best Regards,
Nan Yu
MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
Member
45 Points
191 Posts
ASP.NET Web API - Custom Token Based Authentication
May 31, 2019 01:01 AM|amendoza29|LINK
Good Day Everyone
PS: I'm just beginner in ASP.NET WebAPi so please bear with me.
We have just recently learned about Token Based Authentication via video tutorial and other websites, TBA creates a database (mdf) that stores the users who can login on the webAPI application, and this is good, but the only problem on our side is we have a existing user database, that is been used by multiple applications, we cannot modify all of our applications just to connect on the TBA's users database, is there a other way around to customize this for our database? I tried to search on the net but we haven't found a site that suit our needs or understandable on our level.
Here's the stracture of our User's table
tblCCPUsers
as you can see we have different format that the TBA's user database, changing it to another might take a while and our bosses want's to take the change for next year, but our current 2 project that is using webapi, must be implemented within the year, the only problem is that project 2 will get the webapi method from project 2, and both has a username and password, token based authentication is the answer for this and we can also on who's user that call's the method, does someone here successfully customize their TBA into a existing user database? kindly give us a simple explanation as we are a beginner on using ASP.NET webAPI
Thanks Everyone and Regards.
All-Star
18775 Points
3825 Posts
Microsoft
Re: ASP.NET Web API - Custom Token Based Authentication
Jun 03, 2019 06:50 AM|Nan Yu|LINK
Hi amendoza ,
That is up to you have to validate the username/password according to current database schema . Normally the client app will send the token request to web api , web api side will validate the credential and create the access token to your client app , client app can send http request with token as authorization header to web api , for accessing protected actions .
The validation of credential the process you can fully customize to fit your requirement , connect to your exist database , validate the credential .
Best Regards,
Nan Yu
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
Member
45 Points
191 Posts
Re: ASP.NET Web API - Custom Token Based Authentication
Jun 04, 2019 06:19 AM|amendoza29|LINK
Good Day Nan Yu
Thanks for answering all of my questions
I'm thinking on how to do that, we are not experienced on using EntityFramework, so we are using ADO.NET (SQLClient) which is "dim sqlConn as new sqlConnection" coding, do you have any example that we can follow??
I'm expecting to create a basic authentication and under it's ajax is another ajax that has the token based authentication, but the problem is we have to register all the user's to the TBA's database, do you have a sample code for this?
All-Star
42761 Points
18158 Posts
Re: ASP.NET Web API - Custom Token Based Authentication
Jun 04, 2019 01:15 PM|mgebhard|LINK
An authentication protocol and a database are two different concepts. You can reuse any user account data store for use in token based authentication.
All-Star
18775 Points
3825 Posts
Microsoft
Re: ASP.NET Web API - Custom Token Based Authentication
Jun 05, 2019 01:45 AM|Nan Yu|LINK
Hi amendoza ,
In client you can post username/password to web api side , web api validate the credential in your exist database , use ADO.NET :
protected void ValidateUserInfo(string user, string pass) { SqlConnection connection = new SqlConnection("YOUR CONNECTION STRING HERE"); string sql = "SELECT * FROM TableName WHERE UserID = @username AND Password = @password"; SqlCommand cmd = new SqlCommand(sql,connection); cmd.Parameters.AddWithValue("@username", user); cmd.Parameters.AddWithValue("@password", pass); connection.Open(); DataTable dt = new DataTable(); SqlDataAdapter ad = new SqlDataAdapter(cmd); ad.Fill(dt); if (dt.Rows.Count > 0) { //check if the query returns any data //Valid Username and Password Response.Redirect("Default.aspx"); } else { Response.Write("INVALIDname and Password, Try Again!"); } connection.Close(); }Then you can create token and return back to client .
Best Regards,
Nan Yu
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
All-Star
53064 Points
13031 Posts
Re: ASP.NET Web API - Custom Token Based Authentication
Jun 05, 2019 03:28 AM|bruce (sqlwork.com)|LINK
Member
45 Points
191 Posts
Re: ASP.NET Web API - Custom Token Based Authentication
Jun 06, 2019 01:19 AM|amendoza29|LINK
Hi Nan Yu
I think my question got everyone confused, okay so here we go
first I want to replace to existing Token Based Authentication database with our existing database, inshort, we want all our employees to access the web api, for example:
We have a 5 Web Applications, App1 is a Inventory/Trucking application it has a many functionalities and procedures, , while App2 is the application for function room and training room reservation, App3 is the finance application, App4 is the travel application, now App5 is the centralized approval application which all the Approval functionalities of all the 4 applications is in there (all are ASP.NET Web API Site), this app has been created for the purpose that all Managers and Up can view all the list of transactions for their approval. each site has a login page, with username and password from our existing database.
We want to try to change it from our existing to the TBA but it will take time and our developers must update all of our projects.
So what's the reason why I want the employees to web api method? because we need to know who is the user who use that method, all the transactions must be logged.
I do understand how the Web API and token based authentication work, and how you can give access to a client to access the site, but for us we have existing user database, what I want to know is how can we change the authentication of the Web API to our existing database, please feel free to ask any question if you are getting confused on my question
Member
45 Points
191 Posts
Re: ASP.NET Web API - Custom Token Based Authentication
Jun 06, 2019 01:20 AM|amendoza29|LINK
Hi Bruce
I didn't say the our password is stored in our database as clear text, our passwords is encrypted on our database as part of our IT Security protocol, thanks.
All-Star
42761 Points
18158 Posts
Re: ASP.NET Web API - Custom Token Based Authentication
Jun 06, 2019 11:24 AM|mgebhard|LINK
We are confused because token based authentication has little to do with your data access layer. Why are you having trouble accessing an existing database?
Is the actual issue you need to customize an API like Identity to work with an existing database?
A token, and I assume a JWT token, is signed by the token server when it is created. The remote secured resources know how to validate the token and extract user information.
All-Star
18775 Points
3825 Posts
Microsoft
Re: ASP.NET Web API - Custom Token Based Authentication
Jun 07, 2019 01:36 AM|Nan Yu|LINK
Hi amendoza ,
As @mgebhard said , How to connect to your database and validate the credential is up to you , that is not related to token based authentication . The token is used to access your protected api , i can't understand what is your issue in your scenario .
Best Regards,
Nan Yu
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.