Developer forum

Forum » Development » Secure WebAPI with OAuth

Secure WebAPI with OAuth

E-mail notifications
Martin Grønbekk Moen
Martin Grønbekk Moen
Reply
Posted on 28/12/2020 01:31:55

Are there examples on how to secure the WebApi with OAuth?

Thinking of adding Okta to one api, in order to secure it, but then I need to do changed in Startup.cs.
Can that be extended, or are there other solutions to this?

https://developer.okta.com/blog/2019/03/13/build-rest-api-with-aspnet-web-api


Replies

 
Nicolai Pedersen
Posted on 28/12/2020 12:03:03
Reply

I do not think we have examples of that.

You can just place you web api in a seperate app, i.e. /mycustomapp/ and isolate the logic in that folder.

Also you can do some owin startup like this https://docs.microsoft.com/en-us/aspnet/aspnet/overview/owin-and-katana/owin-startup-class-detection

I have asked our developers to see if they have an idea on further alternatives.

BR Nicolai

 
Martin Grønbekk Moen
Martin Grønbekk Moen
Posted on 28/12/2020 15:09:14
Reply

Thanks Nicolai!

The link you sent was promising, but I ran into an exception while trying to add the Startup.cs file as described by Microsoft.
Will try to look a bit more into it, but please let me know if you get any feedback from the other developers.

 
Alexander Gubenko
Alexander Gubenko
Posted on 11/01/2021 09:57:32
Reply

Hello Martin,

I can only suggest you using System.Web.Mvc and regular controllers with RouteArea to Admin/Public/ to avoid security issues.

Example in the attachment. unzip, build, copy dll to bin.
 
check json on 
http://<sitename>/admin/public/animalapi/dog/get
http://<sitename>/admin/public/animalapi/cat/get
 
Alexey Tanchenko Dynamicweb Employee
Alexey Tanchenko
Posted on 12/01/2021 05:14:19
Reply
This post has been marked as an answer

Hi Martin,

As I understand the part of your problem is that you need to configure some software when OWIN is starting up.
OWIN can have only one start point per solution, but within Dynamicweb 9.10 will be released a new feature which is make it possible to have several "Startup.cs" points in one solution: 
To create your own OWIN initialization method you have to create a new class which is implements the Dynamicweb.AspNet.IDwOwinStartup interface. The interface have just one method "Configuration" which will be called on OWIN sturting up.
Important: do not use OwinStartup attribute - "[assembly: OwinStartup(typeof...".

Unfortunately, I do not see the way to have more that one OWIN startup point (which is already exists) on Dynamicweb 9.9 or early versions.

Votes for this answer: 1
 
Martin Grønbekk Moen
Martin Grønbekk Moen
Posted on 14/01/2021 23:24:52
Reply

Thanks Alexey, this will most likely solve my problem. Will test it out as soon as 9.10 is available :)

 

You must be logged in to post in the forum