Web API: How to debug AccessToken? Un-expected authentication failure error RRS feed

  • Question

  • I'm using default WebAPI template (.Net Framework 4.6.1) to develop APIs for my Android and iOS application, everything is working fine but at random application returns with Authentication Failure Error.

    [Authorize] attribute is used on controller level, for testing purpose set token expiry to even 20 years using AccessTokenExpireTimeSpan = TimeSpan.FromDays(7300) but it still expires randomly.

    I'm getting access_token by hitting localhost:XXXX/token endpoint with UserName, Password and grant_type params.

    To debug the scenario trying to UnProtect the token in DelegateHandlers but the Ticket object gets NULL.

    AccountController have default and parametrized constructors, accepting UserManager and AccessTokenFormat params

    AddExternalLogin action method attempts to Unprotect the token using AccessTokenFormat property

    Web API life cycle shows Controller object is initialized using ControllerDispatcher before hitting the Action but i'm not getting how to call public AccountController(ApplicationUserManager userManager, ISecureDataFormat<AuthenticationTicket> accessTokenFormat) and what to pass in accessTokenFormat param? userManager is set after login (hitting /token endpoint).

    I'm playing with WebAPI for the first time but now i'm stuck here, burned out and still wondering about followings:

    1. Shared Hosting environment can effect the token expiry?
    2. In web.config sessionState timeOut value can effect the expiry?
    3. Except "password" What are legal values for grant_type param?
    4. TokenExpiry time observes sliding window scenario, means if expiry is set to 20 min and client hits the API 2 min before expiry time, even then token will expire after 2 minutes?
    5. How to implement RefreshToken?

    Any guidance will be highly appreciated.

    Sunday, April 28, 2019 11:20 AM

All replies