Support forum for ASP.NET Zero (https://aspnetzero.com/).
By tteoh
#30803 Hi, I'm using MVC5AJ1.

Now, I'm referencing two articles, which are (http://www.cnblogs.com/sheng-jie/p/6755 ... toid-3-2-0) and (http://bitoftech.net/2014/06/01/token-b ... -identity/).
I'm trying to apply OAuth in abp and use it to receive token. And I'm wondering why the way to receive the current token in ABP and OAuth token are different.
And also, I have made a comparison between the current token in ABP and OAuth token as image shown below.

Capture.PNG
Capture.PNG (18.04 KiB) Viewed 2245 times


1. Why Abp doesn't has to implement SimpleAuthorizationServerProvider, but OAuth did implemented?
2. Why the returned results of ABP and OAuth are different?

Capture.PNG
Capture.PNG (20.15 KiB) Viewed 2245 times

3. I'm wondering what does Protect method does?
Code: Select allreturn new AjaxResponse(OAuthBearerOptions.AccessTokenFormat.Protect(ticket));


4. Can OAuth be implemented in ABP and work with existing permission setting in ABP?


Thanks.
By ismcagdas
#30810 Hi,

1. The example you show uses Token Based Auth, not Oauth.
2. ABP wraps the result but since Token Based Auth and Oauth are different, having different result is normal.
3. It is OWIN's code but as far as I can check, it encrypts and encodes the token.
4. If you wanto AspNet Zero to act as OAuth server, you can try to integrate Identity Server into your application.
By tteoh
#30817 Hi,

With reference to both answers 1 and 2, my understanding is AspNetZero just using OWIN to generate access token but it’s not OAuth token implementation.

Could you point me to some articles that are token based authorization coz google tends to return OAuth. That’s why I complied the table to see the difference.

My ultimate goal is to extend current token authentication with “Refresh token” so that the mobile app does not need to sign in again. Not necessary had to be OAuth.

Appreciate your advice.

Thanks.
By tteoh
#30836 Dear Support,

Urgently, appreciate Your advise as this will impact a project that we will be undertaking.

I have checked the standard asp.net web api with individual account (membership), which differs from the way token is generated by aspnetzero.

Appreciate your inputs on why aspnetzero has a different implementation when it comes to token generation.

As mentioned earlier, the goal is to implement a Refresh Token mechanism to existing aspnetzero /Authenticate end point.

Thanks.
By ismcagdas
#30851 @tteoh we are also working on implementing refresh token in AspNet Zero.
We don't know how to do it yet. If we can complete it, we can share the results.

You can use DontWrapResult attribute if you don't want ABP to wrap your result.
You can even create a second Action for this because using DontWrapResult attribute in the original Action might break your web app.
By tteoh
#30860 @ismcagdas We managed to implement OAuth Token based the articles mentioned in the original message. My concern was whether the OAuth token behave the same way as ASPNetZero token when calling Web API/Dynamic Web API being authorized in ASPNetZero. Based on our testing using Postman, both tokens provide the same test result.

Glad you are considering Refresh Token for ASPNetZero and i presume is not ASPNetZero Core. You might want to check out this article: http://bitoftech.net/2014/07/16/enable-oauth-refresh-tokens-angularjs-app-using-asp-net-web-api-2-owin/. We are attempting to implement this pattern.

Wouldn't you consider the Refresh Token of ASPNetZero Core with Xamarin be applied to ASPNetZero?

Thanks.
/Tommy
User avatar
By aaron
#30863
tteoh wrote:Glad you are considering Refresh Token for ASPNetZero and i presume is not ASPNetZero Core.

As stated in Version Differences:
new major features will be implemented for ASP.NET Core version (.NET Core & full .NET Framework).
By tteoh
#30892
aaron wrote:
tteoh wrote:Glad you are considering Refresh Token for ASPNetZero and i presume is not ASPNetZero Core.

As stated in Version Differences:
new major features will be implemented for ASP.NET Core version (.NET Core & full .NET Framework).


@aaron, thanks for providing the link on the version difference. It certainly helps to understand the differences between .net core and non-core.

Thanks.
/Tommy