<h1>Asp.Net Web API - Token Based Authentication</h1>
<p>Gökhan Gökalp, published 2015-09-02 (updated 2015-09-03). Original (Turkish): <a href="https://gokhan-gokalp.com/tr/asp-net-web-api-token-based-authentication/">https://gokhan-gokalp.com/tr/asp-net-web-api-token-based-authentication/</a>. Category: Asp.Net Web API. Tags: Access Token, Asp.Net Web API Security, Asp.Net Web API Token Based Authentication, Bearer Token, OAuth, OAuth 2.0, Owin OAuth, Token Based Authentication.</p>
<p>Hello friends, in this article we will build a sample project showing how <strong>Token Based</strong> <strong>Authentication</strong> is done while developing a RESTful service with Asp.Net Web API.</p>
<p>To briefly recall why RESTful matters:</p>
<ul>
<li>It is very simple and provides flexibility.</li>
<li>REST is built on the <strong>HTTP</strong> protocol. In today's modern web many applications are giving way to browser-based applications, and since much of the work is now done client-side, REST services give us a further advantage in this respect.</li>
</ul>
<p>In essence, <strong>RESTful</strong> services let us carry out the data transfer between <strong>client and server</strong> in a lighter and more flexible way than complex architectures such as <strong>SOAP</strong> or <strong>RPC</strong>.</p>
<p>Now that we have recalled the REST architecture, let's come to the question: what is this <strong>Token Based</strong> <strong>Authentication?</strong></p>
<blockquote><p>Almost every application developed today has a mobile leg, or its service architecture is built so that it can also support the mobile side. In a service built on the REST architecture, a <strong>Token</strong> based authorization scheme is used to handle security and to <strong>authorize the client</strong>.</p></blockquote>
<p>If we look at the life cycle of <strong>Token Based Authentication</strong>:</p>
<p><a href="/wp-content/uploads/2015/08/securitypattern.png"><img src="/wp-content/uploads/2015/08/securitypattern.png" alt="securitypattern" width="380" height="336" /></a></p>
<ul>
<li>The client enters its credentials, and these are sent to the <strong>Authorization Server</strong>.</li>
<li>If the Authorization Server validates them, it returns an <strong>Access Token</strong> to the client in the HTTP response.</li>
<li>From then on the client accesses the services it wants by adding the Access Token it obtained to the <strong>Authorization header</strong> of its HTTP requests.</li>
</ul>
<p>After this background, let's move straight on to our example. We will provide <strong>Authentication</strong> with the <strong>OAuth 2.0</strong> protocol, and for that we will make use of Microsoft's <strong>Owin</strong> library.</p>
<p>Owin essentially sets up its own pipeline between <strong>IIS</strong> and the <strong>Application</strong> and handles requests there. It is a lightweight pipeline.</p>
<p><a href="/wp-content/uploads/2015/09/OWIN__2.png"><img src="/wp-content/uploads/2015/09/OWIN__2.png" alt="OWIN__2" width="797" height="277" /></a></p>
<p>I create an <strong>Asp.Net Web Application</strong> named <strong>AspNetWebAPIOAuth</strong>. While creating it I pick <strong>Empty</strong> in the Template section and <strong>Web API</strong> as the core reference.</p>
<p>Now that the project is created, we right-click it, open NuGet Package Manager, type <strong>OAuth</strong> in the search box, and from the results install <strong>Microsoft.AspNet.WebApi.Owin</strong>, <strong>Microsoft.Owin.Host.SystemWeb</strong> and <strong>Microsoft.Owin.Security.OAuth</strong> into the project.</p>
<p>We add a folder named <strong>OAuth</strong> to the project and start preparing the <strong>Startup</strong> class, which brings up the <strong>Owin</strong> pipeline when the service starts. Inside it we register the required configuration with <strong>WebApiConfig</strong> and also specify the configuration the application will use when it is created on the <strong>Owin Server</strong>.</p>
<p>Startup.cs:</p>
<pre class="lang:c# decode:true">using AspNetWebAPIOAuth.OAuth.Providers;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;
using System;
using System.Web.Http;

[assembly: OwinStartup(typeof(AspNetWebAPIOAuth.OAuth.Startup))]
namespace AspNetWebAPIOAuth.OAuth
{
    // Startup brings up the Owin pipeline when the service starts.
    public class Startup
    {
        public void Configuration(IAppBuilder appBuilder)
        {
            HttpConfiguration httpConfiguration = new HttpConfiguration();

            // Register the OAuth middleware before Web API so that a request is
            // authenticated before it reaches the controllers.
            ConfigureOAuth(appBuilder);

            WebApiConfig.Register(httpConfiguration);
            appBuilder.UseWebApi(httpConfiguration);
        }

        private void ConfigureOAuth(IAppBuilder appBuilder)
        {
            OAuthAuthorizationServerOptions oAuthAuthorizationServerOptions = new OAuthAuthorizationServerOptions()
            {
                TokenEndpointPath = new PathString("/token"), // the path from which we will obtain tokens
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(1), // token lifetime, reported to the client as expires_in
                AllowInsecureHttp = true, // lets the token endpoint answer over plain HTTP; development only, since a Bearer token's protection relies on SSL
                Provider = new SimpleAuthorizationServerProvider()
            };

            // Give the AppBuilder the authorization settings it needs to issue tokens.
            appBuilder.UseOAuthAuthorizationServer(oAuthAuthorizationServerOptions);

            // We specify that we will use Bearer Authentication as the authentication type.
            // The Bearer token is the standardized token type that came with OAuth 2.0.
            // The client requests a token without needing any cryptographic material, and the server issues an access_token with a certain expiry date.
            // With Bearer tokens, security relies on SSL.
            // The other type is the MAC token. It was used in OAuth 1.0 and adds extra cost on both the client and the server side because of the implementation work.
            // Besides this cost, the resource exchange is said to be somewhat more secure than with Bearer tokens, because the client must sign the data with an HMAC on every request and send it in signed form.
            appBuilder.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
        }
    }
}</pre>
<p>We have created the class that holds the Owin settings at startup. As noted in the comments, we will use <strong>Bearer Authentication</strong> as the authentication type. The reason is that it is more lightweight, it has become a standard with OAuth 2.0, and it makes authentication easier on both the client and the server side. Also, even though everything will run over an access token, the data between client and server must be protected with <strong>SSL</strong>.</p>
<p>When defining the <strong>OAuthAuthorizationServerOptions</strong> we chose <strong>SimpleAuthorizationServerProvider</strong>, which we derive from the <strong>OAuthAuthorizationServerProvider</strong> class, as the <strong>Provider</strong>. Now let's look at this provider's code. First we create another folder named <strong>Providers</strong> inside the OAuth folder we opened earlier, and create the class inside it.</p>
<p>SimpleAuthorizationServerProvider.cs:</p>
<pre class="lang:c# decode:true">using Microsoft.Owin.Security.OAuth;
using System.Security.Claims;
using System.Threading.Tasks;

namespace AspNetWebAPIOAuth.OAuth.Providers
{
    public class SimpleAuthorizationServerProvider : OAuthAuthorizationServerProvider
    {
        // We override ValidateClientAuthentication of OAuthAuthorizationServerProvider to allow client access.
        // This sample accepts every client unconditionally; no client_id or client_secret is checked.
        public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            context.Validated();
            return Task.FromResult(0);
        }

        // We override GrantResourceOwnerCredentials of OAuthAuthorizationServerProvider to allow resource access.
        public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            // CORS setting: allow the token endpoint to be called from any origin.
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

            // Validation the user must pass to receive an access_token
            // (credentials are hard-coded for this sample).
            if (context.UserName == "Gokhan" &amp;&amp; context.Password == "123456")
            {
                var identity = new ClaimsIdentity(context.Options.AuthenticationType);

                identity.AddClaim(new Claim("sub", context.UserName));
                identity.AddClaim(new Claim("role", "user"));

                context.Validated(identity);
            }
            else
            {
                context.SetError("invalid_grant", "Kullanıcı adı veya şifre yanlış.");
            }

            return Task.FromResult(0);
        }
    }
}</pre>
<p>We see that we override two methods of the <strong>OAuthAuthorizationServerProvider</strong> class. The first is for validating the Client, which we validated directly. The second is the main part, where the permissions granted for resource access are set. First we configured CORS here. As a quick reminder of what <strong>CORS</strong> is:</p>
<blockquote><p><strong>CORS</strong> is a mechanism that enables resource sharing between domains. It allows one domain to use another domain's resources.</p></blockquote>
<p>Having quickly recalled CORS, when we look at the rest of the code we can clearly see that we perform the <strong>validation</strong>. If the user is valid, we create an identity and validate it on the <strong>context</strong>.</p>
<p>We have now implemented OAuth 2.0 for Owin. Now let's come to its use in the <strong>Controller</strong>. I add an OrdersController under Controllers and define a method named List in it. As you may remember from Forms Authentication, we used to add the [<strong>Authorize</strong>] attribute above the methods; with Owin we use the same attribute.</p>
<p>OrdersController.cs:</p>
<pre class="lang:c# decode:true">using System.Collections.Generic;
using System.Web.Http;

namespace AspNetWebAPIOAuth.Controllers
{
    public class OrdersController : ApiController
    {
        [HttpGet]
        [Authorize] // requests without a valid Bearer token are rejected with 401 before this method runs
        public List&lt;string&gt; List()
        {
            List&lt;string&gt; orders = new List&lt;string&gt;();

            orders.Add("Elma");
            orders.Add("Armut");
            orders.Add("Erik");

            return orders;
        }
    }
}</pre>
<p>Everything is ready on the API side, so we can test the project. I prefer Postman as the tool; if you like, you can also use Fiddler Composer. Frankly, Postman gives me more flexibility when sending data. :)</p>
<p>First, let's look at the result we get when we try to access the API method directly:</p>
<p><a href="/wp-content/uploads/2015/09/oauth_hata.jpg"><img src="/wp-content/uploads/2015/09/oauth_hata.jpg" alt="oauth_hata" width="1090" height="414" /></a></p>
<p>When we send a GET request to the <strong>api/Orders/List</strong> URL we see that we get an Authorization error. First we must go to the address we specified with the <strong>/token</strong> path and obtain a valid <strong>access_token</strong>.</p>
<p>For this we need to send a <strong>POST</strong> to the <strong>/token</strong> URL, setting a few parameters in the Headers and the Body.</p>
<p>Parameters to add to the Headers:</p>
<ul>
<li><strong>Header</strong>: Accept, <strong>Value</strong>: application/json</li>
<li><strong>Header</strong>: Content-Type, <strong>Value</strong>: application/x-www-form-urlencoded</li>
</ul>
<p>Parameters to add to the Body (with the data type set to x-www-form-urlencoded):</p>
<ul>
<li><strong>Key</strong>: grant_type, <strong>Value</strong>: password</li>
<li><strong>Key</strong>: username, <strong>Value</strong>: Gokhan (your username)</li>
<li><strong>Key</strong>: password, <strong>Value</strong>: 123456 (your password)</li>
</ul>
<p>After entering this information, let's perform the POST and look at the result:</p>
<p><a href="/wp-content/uploads/2015/09/oauth_token.jpg"><img src="/wp-content/uploads/2015/09/oauth_token.jpg" alt="oauth_token" width="1086" height="577" /></a></p>
<p>In the returned JSON we see that an <strong>access_token</strong> has been created and that it comes with an expires_in duration. If we recall, we set this duration with the <strong>AccessTokenExpireTimeSpan</strong> property in the configuration section of Startup.</p>
<p>Now let's use this token and make another GET request to the <strong>api/Orders/List</strong> URL. This time, however, we send it with the token added to the Header.</p>
<p>Parameters to add to the Headers:</p>
<ul>
<li><strong>Header</strong>: Content-Type, <strong>Value</strong>: application/json</li>
<li><strong>Header</strong>: Authorization, <strong>Value</strong>: Bearer jyMJNFpYdBOZxoUZsutu7vNe4JY--kdvdjTylrJi_rZPC5VUOFSTvej-Sq0jvCj1gYbg0HHAk6ILoj0U7G3zCYcl1lK9tA6YwMGODccsorhjwDTzuuGprU00f5j4Ly1DUhS54TejbrZtn1RMegSCXFfixjkYkeXeVd6eP0eGGrAr6f3ICVGz7KASR28soQEh_4sXpOZLmDpDJFKKAEoI_q0h9_7qvfIIjm8t0lDcCp4</li>
</ul>
<p>Since our token type is <strong>Bearer</strong>, in the value of the Authorization header we put the Bearer tag first and then the access_token after it.</p>
<p><a href="/wp-content/uploads/2015/09/oauth_access.jpg"><img src="/wp-content/uploads/2015/09/oauth_access.jpg" alt="oauth_access" width="1078" height="494" /></a></p>
<p>We see that we successfully fetched the data from the service. In my next Web API post I plan to write something about how Custom Token Based Authentication can be implemented. Until then, take care.</p>
<p><a href="/wp-content/uploads/2015/09/AspNetWebAPIOAuth.rar">AspNetWebAPIOAuth</a></p>