Question adding Bearer Token to BasicAuthentication?

[raysefo]

Hi,

I have an ASP.Net Web API 2 with BasicAuthenticationAttribute that is working as expected. In my application, there are different controllers and I want to add bearer token-based authentication to one of my controllers. I added those NuGet packages:

Microsoft.AspNet.WebApi.Owin
Microsoft.Owin.Host.SystemWeb
Microsoft.Owin.Security.OAuth

There is no problem with the web API config.

public static class WebApiConfig
    {
       public static void Register(HttpConfiguration config)
       {
                    
           config.Formatters.JsonFormatter.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore;
        config.Formatters.JsonFormatter.SerializerSettings.DateTimeZoneHandling =
        DateTimeZoneHandling.Local;
                
        config.MapHttpAttributeRoutes();
      
        config.Routes.MapHttpRoute(
            "DefaultApi",
            "api/{controller}/{id}",
            new {id = RouteParameter.Optional}
        );
        
                          
       config.MessageHandlers.Add(new RequestResponseHandler());
                    
       config.Filters.Add(new CustomExceptionFilter());
        
       var resolver = config.DependencyResolver;
       var basicAuth = resolver.GetService(typeof(BasicAuthenticationAttribute)) as BasicAuthenticationAttribute;
       config.Filters.Add(basicAuth);
   }
}

Here is Owin startup

public class Startup
     {
         public void Configuration(IAppBuilder app)
         {
             var configuration = new HttpConfiguration();
             Configure(app);
    
             WebApiConfig.Register(configuration);
             app.UseWebApi(configuration);
         }
    
         private static void Configure(IAppBuilder app)
         {
             var options = new OAuthAuthorizationServerOptions()
             {
                 TokenEndpointPath = new Microsoft.Owin.PathString("/token"),
                 AccessTokenExpireTimeSpan = TimeSpan.FromHours(1),
                 AllowInsecureHttp = true,
                 Provider = new AuthorizationServerProvider()
             };
    
             app.UseOAuthAuthorizationServer(options);
             app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
         }
     }

In the configuration of Owin startup, the program flow goes back to the web API config file.

WebApiConfig.Register(configuration);

And finally, it gets a null exception for basic authentication.

config.Filters.Add(basicAuth);

How can I solve this and use both basic authentication attribute and token-based authentication in my web API?

Best Regards.

 

[raysefo]

It seems one is interested in asp.net web API nowadays

 

[raysefo]

How can I use OverrideAuthenticationand my basic authentication attribute?

public class BasicAuthenticationAttribute : AuthorizationFilterAttribute
    {
        private const string Realm = "My Realm";
        private readonly Func<IUserValidate> _factory;

        public BasicAuthenticationAttribute(Func<IUserValidate> factory)
        {
            _factory = factory;
        }
        ...

 

[Skydiver]

How important is that OverrideAuthentication attribute to the overall solution? Is the CustomBasicAuthentication ignored without it?

 

[raysefo]

The vital part is the dependency and actionContext.Request.GetDependencyScope();. Without OverrideAuthentication it is working as expected.