Ewertonews Ewertonews - 25 days ago 7
ASP.NET (C#) Question

How can I store the bearer token in Database before sending in the response?

I developed a Web API that uses token based authentication (using Identity and OWIN).
What I need to do is to identify the user in each request made with the token so that I can provide the data that only belongs to that user.
My idea is to insert / update that user record with the token right after the successfull authentication.
How can I do that?
I mean, how can I grab the token before returning the response to the client?
Or... is there any other way to accomplish that?

Answer Source

You don't need to store the token to identify the user. The user identity is self-contained in the token.

When the resource server gets the request OAuth2.0 middleware (implemented in Microsoft.Owin.Security.OAuth dll) decrypts the token and set it into the Identity property (context.Ticket.Identity or context.Identity in most of methods). Then you can check for the user identity.

Take into account that the authorisation server and the resource server can be separated and the resource server normally don't have access to the authorisation server database.