Recently I got the chance to refresh my knowledge of token-based authentication in ASP.NET Web API, where I needed to authenticate my native apps against a Web API. I decided to implement token-based authentication using OWIN and Identity, and I was keen to blog about it because it is a very simple, useful and standard approach. I divided the implementation into parts for better understanding and ease, and the code is available on GitHub:
Let me explain the concept first. Previously, user authentication and authorization were achieved using cookies: after login, a cookie is generated and sent back to the server with each request to authenticate the current user. This is the old, classic way to identify users in web applications. With the arrival of Web API, which is a stateless way to communicate with a system, there needs to be a more flexible way to consume that Web API from different platforms at the same time: web apps, mobile apps, desktop apps, etc. Token-based authentication has many advantages, such as being mobile-app friendly, loose coupling from the server-side implementation, scalability due to the token (our token contains all the required information for a user, independent of the platform), and many more.
In the next post we will start the token implementation from scratch.