WebAPI 2 - OAuth 2 intercepting Authorization Token

Question

I have created a simple web service - WebAPI 2 using owin hosted on IIS in my startup file

public void Configuration(IAppBuilder app)
    {
        // For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=316888
        ConfigureOAuth(app);
        var configuration = new HttpConfiguration();
        WebApiConfig.Register(configuration);
        app.UseWebApi(configuration);
        app.UseCors(CorsOptions.AllowAll);
    }

    public void ConfigureOAuth(IAppBuilder app)
    {
        var oAuthServerOptions = new OAuthAuthorizationServerOptions()
        {
            AllowInsecureHttp = true,
            TokenEndpointPath = new PathString("/token"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
            Provider = new SimpleAuthorizationServerProvider()
        };

        // Token Generation
        app.UseOAuthAuthorizationServer(oAuthServerOptions);
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

    }

and created a simple controller with authorize attribute. in the Identity Model i am adding information which I want to read when the user call the server

var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim("sub", context.UserName));
        identity.AddClaim(new Claim("role", "user"));
        identity.AddClaim(new Claim("session", "50"));

on every request i want to get the session value, is there a way to do it? how can i add middleware to intercept the token authorization process?

Answer 1

You can try something like this within the controller action:

IPrincipal x = ControllerContext.RequestContext.Principal;
ClaimsIdentity ci = x.Identity as ClaimsIdentity;
string session = ci.FindFirst("session").Value;