How can I store the bearer token in Database before sending in the response?
Question
I developed a Web API that uses token based authentication (using Identity and OWIN). What I need to do is to identify the user in each request made with the token so that I can provide the data that only belongs to that user. My idea is to insert / update that user record with the token right after the successfull authentication. How can I do that? I mean, how can I grab the token before returning the response to the client? Or... is there any other way to accomplish that?
1 answers
solution1
1 ACCPTED 2016-07-18 07:19:22
You don't need to store the token to identify the user. The user identity is self-contained in the token.
When the resource server gets the request OAuth2.0 middleware (implemented in Microsoft.Owin.Security.OAuth dll) decrypts the token and set it into the Identity property ( context.Ticket.Identity or context.Identity in most of methods). Then you can check for the user identity.
Take into account that the authorisation server and the resource server can be separated and the resource server normally don't have access to the authorisation server database.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.