Can I do Web API 2 OAuth using On-Premises AD as an Identity Provider?

Jul 30, 2014 at 6:17 PM
Edited Jul 30, 2014 at 6:22 PM
I'm trying to use token auth with an intranet-based Web API 2 implementation. I'm hosting the API in IIS using Windows Auth. We have a local angular app that will talk to the API.

Ideally I'd like to have the API grant the angular client a JWT that includes the username and roles. I want to use built-in IIS Windows Auth to know who the user is. Then go to SQL and get API-specific roles for that user and zip them all up in a JWT via a ClaimsIdentity guy.

So when the client makes a request, the API can "decrypt" the JWT and automagically have the roles without having to go back to the DB.

I'm having trouble granting the token in the first place. Briefly, the OWIN pipeline seems to be unaware of my IIS-created WindowsPrincipal in the context of issuing the OAuth token. My issue is outlined in this Stack Overflow question.

Can someone help me? Am I not doing this the right way?
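The token-issuing step the question describes (IIS Windows Auth identifies the user, app-specific roles are added, everything is packed into a signed JWT), written out as an added example that is not the poster's code. It assumes the System.IdentityModel.Tokens.Jwt 4.x package, a Web API 2 controller, and replaces the SQL role lookup with a constructed in-memory dictionary; the issuer, audience and key placeholder are made up.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;   // System.IdentityModel.Tokens.Jwt 4.x (assumed)
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;
using System.Text;
using System.Web.Http;

public class TokenController : ApiController
{
    // Assumed: the HMAC key is loaded from protected configuration; placeholder only.
    private static readonly byte[] SigningKey =
        Encoding.UTF8.GetBytes("REPLACE-WITH-A-32-BYTE-OR-LONGER-SECRET-FROM-CONFIG");

    // Constructed stand-in for the SQL query that returns API-specific roles per user.
    private static readonly Dictionary<string, string[]> RolesByUser =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { @"CORP\alice", new[] { "ApiReader", "ApiAdmin" } }
        };

    // GET api/token: IIS Windows Auth has already populated RequestContext.Principal.
    [Authorize]
    public IHttpActionResult Get()
    {
        var windowsIdentity = RequestContext.Principal.Identity as WindowsIdentity;
        if (windowsIdentity == null || !windowsIdentity.IsAuthenticated)
            return Unauthorized();

        string[] roles;
        if (!RolesByUser.TryGetValue(windowsIdentity.Name, out roles))
            roles = new string[0];

        // Build the ClaimsIdentity: Windows user name plus one role claim per API role.
        var identity = new ClaimsIdentity("JWT");
        identity.AddClaim(new Claim(ClaimTypes.Name, windowsIdentity.Name));
        identity.AddClaims(roles.Select(r => new Claim(ClaimTypes.Role, r)));

        // Sign with HMAC-SHA256 and keep the lifetime short; the claims are only as
        // fresh as the token, since later requests will not consult the database.
        var credentials = new SigningCredentials(
            new InMemorySymmetricSecurityKey(SigningKey),
            SecurityAlgorithms.HmacSha256Signature,
            SecurityAlgorithms.Sha256Digest);
        var token = new JwtSecurityToken(
            issuer: "urn:example:intranet-api",        // assumed value
            audience: "urn:example:angular-client",    // assumed value
            claims: identity.Claims,
            notBefore: DateTime.UtcNow,
            expires: DateTime.UtcNow.AddHours(1),
            signingCredentials: credentials);

        return Ok(new { access_token = new JwtSecurityTokenHandler().WriteToken(token), expires_in = 3600 });
    }
}
```

On later requests the JWT bearer middleware validates the signature, issuer, audience and expiry and rebuilds the ClaimsPrincipal from the token's claims, so `[Authorize(Roles = "ApiAdmin")]` works without another database round-trip. Because roles are frozen into the token, a revoked role only takes effect once the token expires, which is why the lifetime above is kept to an hour.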