WebAPI Authorization DB added

eFormAPI/eFormAPI/App_Start/AutofacConfig.cs

@@ -12,16 +12,12 @@ public static class AutofacConfig
         public static void ConfigureContainer()
         {
             var builder = new ContainerBuilder();
-
             // Get your HttpConfiguration.
             var config = GlobalConfiguration.Configuration;
-
             // Register your Web API controllers.
             builder.RegisterApiControllers(Assembly.GetExecutingAssembly());
-
             // OPTIONAL: Register the Autofac filter provider.
             builder.RegisterWebApiFilterProvider(config);
-
             // Set the dependency resolver to be Autofac.
             Container = builder.Build();
         }

eFormAPI/eFormAPI/App_Start/Startup.Auth.cs

@@ -0,0 +1,66 @@
+using System;
+using eFormAPI.Web.Infrastructure.Data;
+using eFormAPI.Web.Infrastructure.Identity;
+using eFormAPI.Web.Infrastructure.Security;
+using Microsoft.AspNet.Identity;
+using Microsoft.Owin;
+using Microsoft.Owin.Security.Cookies;
+using Microsoft.Owin.Security.OAuth;
+using Owin;
+
+namespace eFormAPI.Web
+{
+    public partial class Startup
+    {
+        public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }
+
+        public static string PublicClientId { get; private set; }
+
+        // For more information on configuring authentication, please visit https://go.microsoft.com/fwlink/?LinkId=301864
+        public void ConfigureAuth(IAppBuilder app)
+        {
+            // Configure the db context and user manager to use a single instance per request
+            app.CreatePerOwinContext(BaseDbContext.Create);
+            app.CreatePerOwinContext<EformUserManager>(EformUserManager.Create);
+
+            // Enable the application to use a cookie to store information for the signed in user
+            // and to use a cookie to temporarily store information about a user logging in with a third party login provider
+            app.UseCookieAuthentication(new CookieAuthenticationOptions());
+            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
+
+            // Configure the application for OAuth based flow
+            PublicClientId = "self";
+            OAuthOptions = new OAuthAuthorizationServerOptions
+            {
+                TokenEndpointPath = new PathString("/api/auth/token"),
+                Provider = new ApplicationOAuthProvider(PublicClientId),
+                AuthorizeEndpointPath = new PathString("/api/auth/external-login"),
+                AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
+                // In production mode set AllowInsecureHttp = false
+                AllowInsecureHttp = true
+            };
+
+            // Enable the application to use bearer tokens to authenticate users
+            app.UseOAuthBearerTokens(OAuthOptions);
+
+            // Uncomment the following lines to enable logging in with third party login providers
+            //app.UseMicrosoftAccountAuthentication(
+            //    clientId: "",
+            //    clientSecret: "");
+
+            //app.UseTwitterAuthentication(
+            //    consumerKey: "",
+            //    consumerSecret: "");
+
+            //app.UseFacebookAuthentication(
+            //    appId: "",
+            //    appSecret: "");
+
+            //app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
+            //{
+            //    ClientId = "",
+            //    ClientSecret = ""
+            //});
+        }
+    }
+}

eFormAPI/eFormAPI/App_Start/SwaggerConfig.cs

@@ -0,0 +1,102 @@
+using System.Collections.Generic;
+using System.Linq;
+using System.Web.Http;
+using System.Web.Http.Description;
+using Swashbuckle.Application;
+using Swashbuckle.Swagger;
+
+namespace eFormAPI.Web
+{
+    public class SwaggerConfig
+    {
+        public static void Register(HttpConfiguration _configuration)
+        {
+            _configuration.EnableSwagger(c =>
+                {
+                    c.SingleApiVersion("v1", "Eform API");
+                    c.IncludeXmlComments($@"{System.AppDomain.CurrentDomain.BaseDirectory}\bin\API.docs.xml");
+                    c.DescribeAllEnumsAsStrings();
+                    c.DocumentFilter<AuthTokenOperation>();
+                    c.OperationFilter<AddAuthorizationHeader>();
+                }).EnableSwaggerUi();
+        }
+    }
+
+    public class AuthTokenOperation : IDocumentFilter
+    {
+        public void Apply(SwaggerDocument swaggerDoc, SchemaRegistry schemaRegistry, IApiExplorer apiExplorer)
+        {
+            swaggerDoc.paths.Add("/api/auth/token", new PathItem
+            {
+                post = new Operation
+                {
+                    tags = new List<string> { "Auth" },
+                    consumes = new List<string>
+                    {
+                        "application/x-www-form-urlencoded"
+                    },
+                    parameters = new List<Parameter> {
+                        new Parameter
+                        {
+                            type = "string",
+                            name = "grant_type",
+                            required = true,
+                            @in = "formData",
+                            @default = "password"
+                        },
+                        new Parameter
+                        {
+                            type = "string",
+                            name = "username",
+                            required = false,
+                            @in = "formData"
+                        },
+                        new Parameter
+                        {
+                            type = "string",
+                            name = "password",
+                            required = false,
+                            @in = "formData"
+                        }
+                    }
+                }
+            });
+        }
+    }
+
+    public class AddAuthorizationHeader : IOperationFilter
+    {
+        /// <summary>
+        /// Adds an authorization header to the given operation in Swagger.
+        /// </summary>
+        /// <param name="operation">The Swashbuckle operation.</param>
+        /// <param name="schemaRegistry">The Swashbuckle schema registry.</param>
+        /// <param name="apiDescription">The Swashbuckle api description.</param>
+        public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription)
+        {
+            if (operation == null) return;
+
+            if (operation.parameters == null)
+            {
+                operation.parameters = new List<Parameter>();
+            }
+
+            var parameter = new Parameter
+            {
+                description = "The authorization token",
+                @in = "header",
+                name = "Authorization",
+                required = true,
+                type = "string",
+                @default = "Bearer "
+            };
+
+            if (apiDescription.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any())
+            {
+                parameter.required = false;
+            }
+
+            operation.parameters.Add(parameter);
+        }
+    }
+}

eFormAPI/eFormAPI/App_Start/WebApiConfig.cs

@@ -3,6 +3,7 @@
 using System.Net.Http.Headers;
 using System.Web.Http;
 using Autofac.Integration.WebApi;
+using Microsoft.Owin.Security.OAuth;
 using Newtonsoft.Json;
 using Newtonsoft.Json.Serialization;
 
@@ -12,6 +13,11 @@ public static class WebApiConfig
     {
         public static void Register(HttpConfiguration config)
         {
+            // Web API configuration and services
+            // Configure Web API to use only bearer token authentication.
+            config.SuppressDefaultHostAuthentication();
+            config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
+
             config.MapHttpAttributeRoutes();
             var container = AutofacConfig.Container;
             config.DependencyResolver = new AutofacWebApiDependencyResolver(container);