[UWP][ASP.NET Web API]How to renew token in Windows UWP app when bearer token expires

  • Question

  • Hello All,

    I have a web API (ASP.NET Web API 2) service which uses individual user account authentication and uses OAuth bearer tokens to validate client requests. I used the default template that Visual Studio 2015 provides. I have a Windows UWP app which uses the service as a backend to store and retrieve data. I am able to sign in the user from the store app and get the bearer token issued. The token issued has an expiry time associated with it. My confusion is how to deal with it when the token expires. I can think of a simple idea:

    1) When the token expires, the server issues HTTP 401 Unauthorized for the requests. Whenever I receive such an error, redirect the user to the login page in my UWP app using the code below:

    this.Frame.Navigate(typeof(LoginPage));

    2) The user again submits his credentials, the server issues a new token, and the UWP app uses the new token for further communication.

    Can someone tell me whether it is a good idea or whether a better solution is available? I have an additional question about bearer tokens too. Is it possible to get the credentials of the user (e.g. user name) from the generated token in an API controller? I know that web API is stateless, but just wanted to know whether there is anything of that sort available.


    Thursday, November 5, 2015 5:32 AM

Answers

  • Hello Sajan Emmanuel,

    >> 1) When the token expires, the server issues HTTP 401 Unauthorized for the requests. Whenever I receive such an error, redirect the user to the login page in my UWP app using the code below

    I think this approach is OK.

    This article explains this in detail: http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api

    >> Is it possible to get the credentials of the user (e.g. user name) from the generated token in an API controller? I know that web API is stateless, but just wanted to know whether there is anything of that sort available.

    If your web API is using bearer tokens, then you can customize your GrantResourceOwnerCredentials method and include additional properties in the AuthenticationTicket.

    IDictionary<string, string> data = new Dictionary<string, string>
    {
        { "userName", userName },
        { "roles", Roles }
    };
    var properties = new AuthenticationProperties(data);

    // Pass your additional properties.
    AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
    context.Validated(ticket);
    
    

    With Regards,

    Krunal Parekh



    • Proposed as answer by Krunal Parekh Tuesday, November 10, 2015 6:01 AM
    • Marked as answer by Krunal Parekh Tuesday, November 17, 2015 9:41 AM
    Friday, November 6, 2015 5:43 AM
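
The 401-then-sign-in-again flow discussed above can be centralized in one HTTP message handler on the UWP client. This is an added example, not code from the thread; `BearerTokenHandler`, `SetToken`, `SignInRequired` and the 30-second expiry margin are hypothetical, and it assumes the app uses `System.Net.Http.HttpClient` and reads `access_token` and `expires_in` from the token endpoint's response.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical helper: attaches the bearer token to API calls and reports
// when the user has to sign in again.
public sealed class BearerTokenHandler : DelegatingHandler
{
    private string _accessToken;
    private DateTimeOffset _expiresAtUtc;

    // Raised when the server rejects a request with 401 Unauthorized.
    public event EventHandler SignInRequired;

    public BearerTokenHandler() : base(new HttpClientHandler()) { }

    // Call after a successful sign-in; expiresInSeconds is the "expires_in"
    // value returned by the token endpoint.
    public void SetToken(string accessToken, int expiresInSeconds)
    {
        _accessToken = accessToken;
        // Assumed margin: treat the token as expired 30 s early to allow
        // for clock skew and network latency.
        _expiresAtUtc = DateTimeOffset.UtcNow.AddSeconds(expiresInSeconds - 30);
    }

    // Lets the UI go to the login page up front instead of waiting for a 401.
    public bool HasUsableToken =>
        _accessToken != null && DateTimeOffset.UtcNow < _expiresAtUtc;

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        if (HasUsableToken)
            request.Headers.Authorization =
                new AuthenticationHeaderValue("Bearer", _accessToken);

        var response = await base.SendAsync(request, cancellationToken);

        if (response.StatusCode == HttpStatusCode.Unauthorized)
        {
            _accessToken = null;   // never resend a token the server rejected
            SignInRequired?.Invoke(this, EventArgs.Empty);
        }
        return response;
    }
}
```

Create the client with `new HttpClient(handler)` and subscribe to `SignInRequired` once; the subscriber should marshal to the UI thread before calling `this.Frame.Navigate(typeof(LoginPage))`.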
  • Hello Sajan Emmanuel,

    >> Does the OAuth implementation keep track of any mapping information between token and user name?

    It depends on the provider. For example, for Google you need to make a GET call to https://www.googleapis.com/oauth2/v3/userinfo, passing the token, to get the user info.

    See documentation for more info.

    With Regards,

    Krunal Parekh



    • Proposed as answer by Krunal Parekh Tuesday, November 10, 2015 6:01 AM
    • Marked as answer by Krunal Parekh Tuesday, November 17, 2015 9:41 AM
    Tuesday, November 10, 2015 6:01 AM
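
For tokens issued by the Web API's own OWIN OAuth server, as in the question, the bearer authentication middleware validates the token on each request and restores the `ClaimsIdentity` it was issued for, so a controller can read the user from `User`. This is an added example, not code from the thread; `WhoAmIController` and its route are hypothetical, and it assumes attribute routing is enabled and the identity was built with ASP.NET Identity as in the Visual Studio template.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Web.Http;

// Hypothetical controller, for illustration only.
[Authorize]                    // requests without a valid, unexpired token get 401
[RoutePrefix("api/whoami")]    // hypothetical route; needs config.MapHttpAttributeRoutes()
public class WhoAmIController : ApiController
{
    [HttpGet, Route("")]
    public IHttpActionResult Get()
    {
        // The middleware has already validated the bearer token and set
        // User to the identity the token was issued for.
        var identity = User.Identity as ClaimsIdentity;
        if (identity == null || !identity.IsAuthenticated)
            return Unauthorized();

        // NameIdentifier holds the user id when the identity was created by
        // ASP.NET Identity (assumption: template-style GenerateUserIdentityAsync).
        var userId = identity.FindFirst(ClaimTypes.NameIdentifier)?.Value;

        // Role claims, if any were added when the token was issued.
        var roles = identity.FindAll(identity.RoleClaimType)
                            .Select(c => c.Value)
                            .ToArray();

        return Ok(new { userName = identity.Name, userId, roles });
    }
}
```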

All replies

  • Hello Krunal,

    Thanks for the response. Looks like I need to clarify the second question a bit. My exact question is: inside the web API, is it possible to get the user info from the token? Does the OAuth implementation keep track of any mapping information between token and user name?

    Friday, November 6, 2015 12:10 PM