OWIN OAuth2 Resource Server authentication using ServiceStack

0
votes

I have created an OAuth 2.0 authorization service using OWIN OAuth 2.0 Authorization Server by following the steps at http://www.asp.net/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server

I am using the Resource Owner Credentials flow.

My client is an MVC app. I am able to get the access token, etc. from the OWIN Auth server.

However, the resource server is built using ServiceStack and now I am not sure how to authenticate the resource services using the OWIN Auth.

Edit I am using DotNetOpenAuth library in the resource server. However, it requires me to specify the certificate details for signing and encryption. However, I have not specified any certificates in the OWIN auth service. So I am not sure, what I need to do to have DotNetOpenAuth library not require certificates for decoding the access token.

2
oauth-2.0servicestackowinowin-security
After much investigation, I have built the auth service using DotNetOpenAuth (where I specify the certificate thumbprints) and the access token generated is consumed in a ServiceStack resource server (where I specify the public/private keys for these certificates). However I am still interested in knowing, how one handles the token which is generated without any certificates.SO User

2 Answers

1
votes

This solution uses ServiceStack as a resource server and DotNetOpenAuth as a Authentication provider

1
votes

To make this work, you need to get the certificate keys in base 64 format and put it in the config file.

(Though, I opted to go with DotNetOpenAuth solution rather than OWIN)