Token Authentication

Question

I have query related to this token Authentication. I have code like app.UseWindowsAzureActiveDirectoryBearerAuthentication( new WindowsAzureActiveDirectoryBearerAuthenticationOptions { Audience = ConfigurationManager.AppSettings["ida:Audience"], Tenant = ConfigurationManager.AppSettings["ida:Tenant"], }); My requirement is to stop validating any token other than "Bearer". How can I achieve this. I am using fiddler for tracking requests but for this token validation does it hit "login.microsoftonline.com"?

Sonal Tripathi · Answer

Hi Rajneesh Chaubey, Thanks for your reply . Actually my query is how to stop it getting validated through AAD if it is not Bearer Type. And also how will I verify that if scheme is bearer ,it hits AAD for token validation and if its any other say Basic then my API code only reject it .

Rajneesh Chaubey · Answer

You can use the Authorize Attribute on your web api controllers/actions if you want simple authorization with Usernames or roles like this: [Authorize(Roles= "Administrators,Managers" ,Users = "Mike,Laura" )] If you want custom authorization, then you have to implement a custom authorization attribute which will handle the custom authorization in your web api. If the user is not allowed to pass you will return a 401 UnAuthorized Response: actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized); actionContext.Response.Headers.Add( "WWW-Authenticate" , "Bearer location='http://localhost:8323/account/login'" );