In one of my previous articles, I showed how to implement custom Forms Authentication (a cookie-based approach) in an ASP.NET MVC application.
Today I am going to show you how to secure an ASP.NET Web API using token-based authentication.
ASP.NET Web API is a framework that makes it easy to build HTTP services that reach a broad range of clients, including browsers, mobile devices, and traditional desktop applications. Web API adoption is increasing at a rapid pace, so it is essential to implement security for all types of clients trying to access data from Web API services.
Nowadays the most preferred approach to securing server resources by authenticating users in Web API is to use a signed token, which contains enough data to identify a particular user. This is called the token-based approach.
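How a server can validate a signed token without keeping a copy of it, as an added example that is not the article's code. The token format (Base64 payload, a dot, Base64 HMAC-SHA256), the class name `SignedTokenDemo` and the demo key are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Added illustration; the token format "base64(payload).base64(hmac)" is hypothetical.
static class SignedTokenDemo
{
    // Constructed demo key; a real service loads a random secret from protected configuration.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key-do-not-reuse");

    static byte[] Mac(string payloadB64)
    {
        using (var hmac = new HMACSHA256(Key))
            return hmac.ComputeHash(Encoding.ASCII.GetBytes(payloadB64));
    }

    // The payload carries the expiry and user name, so the server stores nothing per token.
    public static string Issue(string user, DateTimeOffset expires)
    {
        string raw = expires.ToUnixTimeSeconds() + "|" + user;
        string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(raw));
        return payload + "." + Convert.ToBase64String(Mac(payload));
    }

    public static bool TryValidate(string token, DateTimeOffset now, out string user)
    {
        user = null;
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return false;
        try
        {
            // Recompute the MAC and compare every byte, with no early exit on a mismatch.
            byte[] expected = Mac(parts[0]), given = Convert.FromBase64String(parts[1]);
            int diff = expected.Length ^ given.Length;
            for (int i = 0; i < expected.Length && i < given.Length; i++) diff |= expected[i] ^ given[i];
            if (diff != 0) return false;
            // Only a payload with a valid signature is decoded and trusted.
            string[] f = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0])).Split(new[] { '|' }, 2);
            if (f.Length != 2 || now.ToUnixTimeSeconds() >= long.Parse(f[0])) return false;
            user = f[1];
            return true;
        }
        catch (FormatException) { return false; }
    }
    static void Main()
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;
        string who, token = Issue("alice", now.AddMinutes(30));
        Console.WriteLine(TryValidate(token, now, out who));             // untouched token
        Console.WriteLine(TryValidate("x" + token, now, out who));       // altered payload
        Console.WriteLine(TryValidate(token, now.AddHours(1), out who)); // checked after expiry
    }
}
```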
Good work! Keep it up!
Microsoft.Web.Services3.Security.SecurityFault: The security token could not be authenticated or authorized —> System.InvalidOperationException: WSE563: The computed password digest doesn't match that of the incoming username token.
at Microsoft.Web. ……..??how to solve this problem ???
It's really helpful for creating a token-based Web API. Thanks for creating this content.
Super video Sourav, I have a doubt: when I hit from my ApiController as specified in the code below,
var tokenresponse = await objhttpclient.PostAsync(baseurl + "/token", new FormUrlEncodedContent(form));
whether it will hit Applicationoauthprovider class
grantresourceownercredentials()?
Does anybody have an idea how to solve the above myth?
Please share a video for refresh tokens in an OAuth 2.0 token implementation in C#, if you have any.
Hi, how can we get a 403 Forbidden error status when authenticating using OAuth2?!
It is a token-based authentication where we pass client id, client secret and grant type as client credentials… after generation of the access token, to access the protected resources, which status should one get?!
Can you clarify on this?!
How to convert to JWT authentication?
People are saying a JWT token contains 3 parts,
separated by dots (.). But in the tutorial the token is generated without dots. Can you explain it?
Thank you so much. Make a video about refresh tokens please!
Thank you so much for this awesome video. I was having a hard time implementing this but now everything makes perfect sense. Highly appreciated sir!
Very helpful video
Thanks Sir, my question is: where does Web API store the token on the server side?
How do I send my token to my API-consuming web application so it can authorize and have access to functions with [Authorize] above them?
Gr8 SirJee ! really appreciated.
Well explained.
Just amazing, for Web API 2. I got stuck with this but my mistake was my controller was inheriting from Controller instead of ApiController, my bad. I believe this is now superseded by .NET Core 3 JWT authentication? I saw the latest JWT authentication code is quite different. Is this right?
How to implement an ADFS SAML Assertion Consumer with Redirect binding in a .NET Core Razor Pages application? Please help
Excellent Bro 😛
Can I use these APIs as a 3rd party login API?
Thank you very much
Getting an error while running on shared hosting. 403 – Forbidden: Access is denied.
You do not have permission to view this directory or page using the credentials that you supplied.
Saurav, post any WCF videos, plzz
Very helpful, and I fully understood the process of token authentication
Very useful, thank you
Searching stops here for token-based authentication. 😓😓 Very helpful video. Thanks a lot.
Can I use this for a .NET Core 3.1 Web API solution? Need urgent help.
When I try to generate token after all this process
I am getting 404 error.
https://localhost:44383/token.
It returns 404
You are saying the client sends user id and password to the Authentication server, so what is meant by Authentication server? Which Authentication server are you talking about?
Thanks Mondal ji…
Great tutorial. Explanation was up to the mark.
Awesome video bro
Hi, thanks for the video. I've implemented your solution, however when I run the token URL, I get the error "invalid_grant". Could you please advise how to resolve it?
Good knowledge you have shared. Thanks
Watching in 2020 for understanding the basics of token-based authentication. It helps me a lot. Thank you, love from Bangladesh
Thank you so much for the valuable information, with your help I solved a difficult situation.
I am not getting where you are generating the token. I suppose you must be using Azure AD, but not passing any client secret key
Thanks so much. You teach well. Everyone understands easily. Good job sir
When I tried to implement Google sign-on in ASP.NET Web API and the Angular frontend framework, I am getting redirect URI mismatch as an error. Can you please help me to resolve this issue?
Appreciate your effort 🙏
Thanks for this straightforward example. I've learnt a lot.
Very good explanation. Thanks
I can hit the controller even without the bearer token. What have I missed?
I am following your process (this video/article) also
Token value did not come
In Postman a 404 not found error comes
How to fix it?
I want to authenticate using a SAML request with an identity provider, to be initiated from a .NET Framework Web API. Do you have any article or tutorial for this?
excellent tutorial.. 😛
Very helpful!!! Thanks so much for going through the whole process in detail.
Where is the Angular consumer?
Very helpful tutorial. I want to ask one thing about this sample application: when we send the 'token' to get data, how does Web API come to know that this token is valid? I mean, how and where does it check it? Does the server have a copy of that token or what?
I am getting 404 error. Could you please help