Regarding the term token authentication, Access token, Refresh token, bearer token

Question

User264732274 posted

i am not familiar with  token authentication but i heard few words like Access token, Refresh token, bearer token.

so tell me what is Access token, Refresh token, bearer token ?

Access token and bearer token both are same ?

Answer 1

User283571144 posted

Hi sudip_inn,

so tell me what is Access token, Refresh token, bearer token ?

Access token and bearer token both are same ?

In my opinion, access token is an object which could contain some security context.

If the password is authenticated, the system produces an access token.

Every process executed on behalf of this user has a copy of this access token.

The system uses an access token to identify the user when a thread interacts with a securable object or tries to perform a system task that requires privileges.

More details, you could refer to follow link:

https://en.wikipedia.org/wiki/Access_token

https://msdn.microsoft.com/en-us/library/windows/desktop/aa374909(v=vs.85).aspx

Refresh token:

A Refresh Token is a special kind of token that can be used to obtain a renewed access token —that allows accessing a protected resource— at any time.

You can request new access tokens until the refresh token expires.

Refresh tokens must be stored securely by an application because they essentially allow a user to remain authenticated forever.

Bearer token:

As far as I know Bearer token is a type of access token.

It is the most common OAuth 2 token type.

It provides very little in terms of security and relies heavily upon the ability of the client to keep the token secret.

Bearer tokens are the default setting with all configured endpoints.

Generally you will not need to ever construct a token yourself as the provided servers will do so for you.

Best Regards,

Brando

Answer 2

User264732274 posted

thanks for nice reply.

when we are working with asp.net mvc then if we decide to use token based auth then do i need to use identity ? beside identity any other way out exist to implement token auth ?

please put some link to implement token based with asp.net mvc5 and identity.

if possible post a link which show how we can implement token based auth without using identity in asp.net mvc5.

thanks

Answer 3

User1283705980 posted

Hi,

As far as I know, if you want to use token based auth with identity, you need to setup a owin webapi, then you could add a token.

More details, you could refer to follow link:

http://blog.iteedee.com/2014/03/asp-net-identity-2-0-cookie-token-authentication/

Answer 4

User264732274 posted

It seems that u try to sau token is related to web api? is it true ?

Can't we use token in asp.net MVC then how to achieve it. Please guide.

provide some link to implement token auth with identity or without identity in asp.net mvc. thanks

Answer 5

User1283705980 posted

Hi,

I suggest you could refer to follow link:

How can you use Web API to authenticate users of your MVC application?

http://levelnis.co.uk/blog/how-can-you-use-webapi-to-authenticate-users-of-your-mvc-application