This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 85%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EME%3C/text%3E%3C/svg%3E)
I'm using .Net 4.8 but also considering .Net 6. I would like to build a API which allows people to connect to and receive/ insert data into our database. I've managed create a basic WebAPI but I don't know how to secure it using oauth2 which I think is the proper way to introduce some form of username and password in order to create/retrieve tokens? Does anyone know if there are libraries I can use to carry this out? I'm using RestSharp but would be great if someone could give some guidance. I read owasp which I think is where I need to meet since criteria but became confused. Would be great to if someone could give me some guidance to introduce a username password to my website.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 36%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELH%3C/text%3E%3C/svg%3E)
Hi @Mr Edge,
How to build WebAPI 2 with Oauth
You can see if the following article is helpful to you.
This topic shows how to secure a web API using OAuth2 to authenticate against a membership database.
https://learn.microsoft.com/en-us/aspnet/web-api/overview/security/individual-accounts-in-web-api
OAuth 2.0 in ASP.NET MVC & Web API 2.0 using Bearer Token Authorization.
https://github.com/TheCoder87/WebApiOAuth2
Sample ASP.NET Web API project with OAuth authentication and many other extensions.
I've managed create a basic WebAPI but I don't know how to secure it using oauth2
Find an OAuth provider then read the documentation for that provider.
Facebook, Google, and external provider authentication in ASP.NET Core
Google external login setup in ASP.NET Core
Facebook external login setup in ASP.NET Core
Microsoft Account external login setup with ASP.NET Core
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
In the webapi you enable jwt tokens for authentication with Microsoft identity. You will need to configure the oauth setting so it can validate the token.
in the client code you will need to get an oauth token. Hiw this is done depends on the oauth provider an the oauth flow required.
If a browser is calling you webapi via JavaScript, then you probably use you will want a JavaScript library.
If the client is c# code, then typically you will use a client secret, and can call the authentication provider directly of via a sdk.
Thanks! so essentially it would be an API publicly available.
When someone attempts a Get/POST etc they need to have a username and password which we supply to them. It cant be any random Microsoft account or similar account that can access the data, it must be using the details we provide them.
So after reading the above i installed Microsoft.AspNetCore.Authentiction.OAuth and JwtBeaerer for .Net 6 which once i have the auth sorted i can add [Authorize] to the class that i need authenticating (but maybe the whole app)
The links above mean i have to go into Azure to create a MS account (App Registration i think and my assumption is this is somehow the username and password that i need to use in order to access the data?), does that sound correct with the process im following?