can we implement OAuth2 in a web service(ASMX) c#?

Question

can we implement OAuth2 in a web service(ASMX) c#?

Sathish Srinivasa Reddy 1

How can we implement OAuth2 in a web service ASMX c#?

Marilee Turscak-MSFT 37,206 Microsoft Employee Moderator

It looks like a similar question was answered here, and a suggestion was to add the token acquired from the authority to the Authorization header:

var redirectURI = Windows.Security.Authentication.Web.WebAuthenticationBroker.GetCurrentApplicationCallbackUri();  
var _authContext = new AuthenticationContext(authority);  
var tokenResult = await _authContext.AcquireTokenAsync(serviceResourceId, clientId, redirectURI);  
if (tokenResult.Status != AuthenticationStatus.Success)  
{  
    //Not authenticated  
    return;  
}  
var svc = new YourServiceReference.YourClient();  
using (var scope = new OperationContextScope(svc.InnerChannel))  
{  
    var httpRequestProperty = new HttpRequestMessageProperty();  
    httpRequestProperty.Headers[System.Net.HttpRequestHeader.Authorization] = tokenResult.AccessToken;  
    OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name] = httpRequestProperty;  
    var result = svc.MyFunction();  
    //Do something with the data  
}

1 answer

Your answer

Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator

2022-05-06T22:39:30.01+00:00

Hi @Sathish Srinivasa Reddy ,

It looks like a similar question was answered here, and a suggestion was to add the token acquired from the authority to the Authorization header:

var redirectURI = Windows.Security.Authentication.Web.WebAuthenticationBroker.GetCurrentApplicationCallbackUri(); var _authContext = new AuthenticationContext(authority); var tokenResult = await _authContext.AcquireTokenAsync(serviceResourceId, clientId, redirectURI); if (tokenResult.Status != AuthenticationStatus.Success) { //Not authenticated return; } var svc = new YourServiceReference.YourClient(); using (var scope = new OperationContextScope(svc.InnerChannel)) { var httpRequestProperty = new HttpRequestMessageProperty(); httpRequestProperty.Headers[System.Net.HttpRequestHeader.Authorization] = tokenResult.AccessToken; OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name] = httpRequestProperty; var result = svc.MyFunction(); //Do something with the data }

Answer 1

Hi @Sathish Srinivasa Reddy . From a server side perspective the easiest and most (classic) ASP.NET compliant way to secure your asmx web services using OAuth2 is to create an Http Module (which will decide what asmx web services require authentication) or Handler (which can be wired/registered to all your asmx web services) to inspect the request Authorization header or a Custom SOAP header, retrieve the access token and finally validate it using JwtSecurityTokenHandler.ValidateTokenAsync.

Please let us know if you need additional assistance.

Share via

can we implement OAuth2 in a web service(ASMX) c#?

1 answer

Your answer