Hi, I am using Bearer authentication in my Web API 2. After user login I generate an access token for the user. Further, when they request my web API, they have to send the access token in the request header. All valid access tokens are requesting the web API without any problem. But I am not sure how to handle bad access tokens (expired). Please let me know the solution if you have one. Thanks in advance.
2 Answers
1
You should use the [Authorize] filter attribute to authorize the request. All bad requests with expired tokens will be treated with a 401 unauthorized error.

Mahesh Kava
- Authorize attribute is working as expected. But I want to return a meaningful error message instead of 401. How can I check if the access token is valid and not expired? – Ravindra Kumar Challagandla May 06 '15 at 09:28
- From what I know, OAuth 2.0 does not, out of the box, give any information to detect an expired token. If you are developing the API, you can check the .expires and expires_in properties and compare with the current datetime to check if the token expired. – Mahesh Kava May 07 '15 at 05:27
- I thought of the same. But I checked in HttpActionContext in AuthorizationFilterAttribute. I am not getting .expire related data. Where can I find that data? – Ravindra Kumar Challagandla May 07 '15 at 06:45
- I suggest you take a look at this article. http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api – Mahesh Kava May 07 '15 at 06:56
1
In addition to Mahesh Kava, you may extend the AuthorizeAttribute class to return more detailed information for unauthorized requests. Refer to this SO question.
- But I am looking for a way to check if the access token is expired or not. – Ravindra Kumar Challagandla May 06 '15 at 09:26
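One way to combine the two suggestions above (extend AuthorizeAttribute, and compare the token's expiry with the current time), as an added example that is not part of the original thread. It assumes the OWIN bearer middleware is in use; `BearerTokenFormat` and `DescriptiveAuthorizeAttribute` are hypothetical names, and the `invalid_token` challenge wording follows RFC 6750.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Web.Http;
using System.Web.Http.Controllers;
using Microsoft.Owin.Security;

// Hypothetical holder (assumption): Startup must assign the same ticket format
// that the OAuth bearer middleware uses to issue and validate access tokens.
public static class BearerTokenFormat
{
    public static ISecureDataFormat<AuthenticationTicket> Current { get; set; }
}

// Hypothetical attribute name; apply it in place of [Authorize].
public class DescriptiveAuthorizeAttribute : AuthorizeAttribute
{
    // Runs only after AuthorizeAttribute has already decided to reject the request.
    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        bool tokenRejected;
        string reason = Describe(actionContext.Request.Headers.Authorization, out tokenRejected);
        HttpResponseMessage response =
            actionContext.Request.CreateErrorResponse(HttpStatusCode.Unauthorized, reason);
        // Still a 401; the challenge carries an error code only when a token was presented and refused.
        string challenge = tokenRejected
            ? "error=\"invalid_token\", error_description=\"" + reason + "\"" : null;
        response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Bearer", challenge));
        actionContext.Response = response;
    }

    private static string Describe(AuthenticationHeaderValue header, out bool tokenRejected)
    {
        tokenRejected = false;
        if (header == null || string.IsNullOrEmpty(header.Parameter) ||
            !string.Equals(header.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase))
            return "No bearer access token was supplied";

        tokenRejected = true;
        // The built-in OWIN ticket format returns null when the token cannot be decoded or verified.
        AuthenticationTicket ticket = BearerTokenFormat.Current.Unprotect(header.Parameter);
        if (ticket == null) return "The access token is invalid";
        DateTimeOffset? expires = ticket.Properties.ExpiresUtc;
        if (expires.HasValue && expires.Value < DateTimeOffset.UtcNow) return "The access token expired";
        tokenRejected = false; // token is current, so a Users/Roles restriction caused the rejection
        return "The access token is valid but not authorized for this resource";
    }
}
```

The expiry is read from the server-side `AuthenticationTicket`, which is why it does not appear on `HttpActionContext`; the `.expires` and `expires_in` values are only in the JSON returned to the client by the token endpoint.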