I developed a Web API that uses token-based authentication (using Identity and OWIN). What I need to do is to identify the user in each request made with the token so that I can provide the data that only belongs to that user. My idea is to insert / update that user record with the token right after the successful authentication. How can I do that? I mean, how can I grab the token before returning the response to the client? Or... is there any other way to accomplish that?
You don't need to store the token to identify the user. The user identity is self-contained in the token.
When the resource server gets the request, the OAuth2.0 middleware (implemented in Microsoft.Owin.Security.OAuth dll) decrypts the token and sets it into the Identity property (context.Ticket.Identity or context.Identity in most methods). Then you can check for the user identity.
Take into account that the authorisation server and the resource server can be separated and the resource server normally doesn't have access to the authorisation server database.
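As an added illustration of the answer above (not code from the original post), this shows both halves for ASP.NET Web API 2 with Microsoft.Owin.Security.OAuth: the provider puts the user's id into the identity that becomes the token, and the controller scopes its query to the id the middleware restored from that token. AppOAuthProvider, OrdersController, Order and the findUserId delegate are hypothetical names, and the order rows are constructed sample data.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.Owin.Security.OAuth;

// Authorisation server: the claims added here are what the token carries.
public class AppOAuthProvider : OAuthAuthorizationServerProvider
{
    // Hypothetical credential check: returns the user's id, or null if invalid.
    private readonly Func<string, string, string> _findUserId;
    public AppOAuthProvider(Func<string, string, string> findUserId) { _findUserId = findUserId; }

    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated(); // assumption: no client credentials are required
        return Task.FromResult(0);
    }
    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        string userId = _findUserId(context.UserName, context.Password);
        if (userId == null)
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return Task.FromResult(0);
        }
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, userId));
        context.Validated(identity); // middleware protects this identity as the access token
        return Task.FromResult(0);
    }
}
public class Order { public int Id { get; set; } public string OwnerId { get; set; } }

[Authorize] // requests without a valid bearer token never reach the action
public class OrdersController : ApiController
{
    // Constructed sample rows standing in for the real data store.
    private static readonly List<Order> Orders = new List<Order> {
        new Order { Id = 1, OwnerId = "user-a" }, new Order { Id = 2, OwnerId = "user-b" } };

    public IHttpActionResult Get()
    {
        // Take the owner from the validated token, never from a query string or body field.
        var userId = (User.Identity as ClaimsIdentity)?.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (userId == null) return Unauthorized();
        return Ok(Orders.Where(o => o.OwnerId == userId));
    }
}
```

Because the filter key comes only from the token's claims, a caller cannot read another user's rows by changing a request parameter, and the resource server needs no lookup against the authorisation server's database.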