Web api bearer token example

Leave a Comment
we will discuss how to use bearer token for authentication and retrieving data from the server. 

We want to implement a page that retrieves employee data from the server. If the user is not authenticated, he should be automatically redirected to the login page. The user should be able to get to the data page, only if he is logged in.
asp.net web api bearer token authentication

Add a new HTML page to the EmployeeService project. Name it Data.html page. Copy and paste the following HTML and jQuery code.

<!DOCTYPE html>
    <meta charset="utf-8" />
    <link href="Content/bootstrap.min.css" rel="stylesheet" />
<body style="padding-top:20px">
    <div class="col-md-10 col-md-offset-1">
        <div class="well">
            <input id="btnLoadEmployees" class="btn btn-success"
                   type="button" value="Load Employees" />
        <div id="divData" class="well hidden">
            <table class="table table-bordered" id="tblData">
                    <tr class="success">
                        <td>First Name</td>
                        <td>Last Name</td>
                <tbody id="tblBody"></tbody>
        <div class="modal fade" tabindex="-1" id="errorModal"
             data-keyboard="false" data-backdrop="static">
            <div class="modal-dialog modal-sm">
                <div class="modal-content">
                    <div class="modal-header">
                        <button type="button" class="close" data-dismiss="modal">
                        <h4 class="modal-title">Session Expired</h4>
                    <div class="modal-body">
                            <h2 class="modal-title">Close this message to login again</h2>
                    <div class="modal-footer">
                        <button type="button" class="btn btn-danger"
        <div id="divError" class="alert alert-danger collapse">
            <a id="linkClose" href="#" class="close">&times;</a>
            <div id="divErrorText"></div>

    <script src="Scripts/jquery-1.10.2.min.js"></script>
    <script src="Scripts/bootstrap.min.js"></script>

    <script type="text/javascript">
        $(document).ready(function () {
            if (sessionStorage.getItem('accessToken') == null) {
                window.location.href = "Login.html";

            $('#linkClose').click(function () {

            $('#errorModal').on('hidden.bs.modal'function () {
                window.location.href = "Login.html";

            $('#btnLoadEmployees').click(function () {
                    url: '/api/employees',
                    method: 'GET',
                    headers: {
                        'Authorization''Bearer '
                            + sessionStorage.getItem("accessToken")
                    success: function (data) {
                        $.each(data, function (index, value) {
                            var row = $('<tr><td>' + value.ID + '</td><td>'
                                + value.FirstName + '</td><td>'
                                + value.LastName + '</td><td>'
                                + value.Gender + '</td><td>'
                                + value.Salary + '</td></tr>');
                    error: function (jQXHR) {
                        // If status code is 401, access token expired, so
                        // redirect the user to the login page
                        if (jQXHR.status == "401") {
                        else {

At the moment, the only way to log off the user is by closing the browser window. As we are storing the bearer token in browser session storage, when we close the browser we loose it from the session. In our next post we will discuss, how to explicitly log out the user without closing the browser window.


Post a Comment

Note: only a member of this blog may post a comment.