Extending Individual Account Authentication for ASP.NET Web API RRS feed

  • Question

  • Following the tutorials on the subject, a client can request an access token and also authenticate themselves by posting username and password data to /Token. This issues an access token.

    However how do you intercept that to perform checks such as invalid access request checks and lockout checks.  These features are available on the Membership provider but /Token seems to bypass them.

    Is there a way to perform these checks before a token is issued?  Or do we need to write our own Login routine and issue the tokens manually?


    • Moved by Kristin Xie Friday, January 16, 2015 6:34 AM
    Thursday, January 15, 2015 9:24 PM


  • Hi ,

    Question related to  ASP.NET Web API should be post in Web API forum


    Thanks for your understanding.

    Best regards,


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    • Proposed as answer by Just Karl Friday, January 16, 2015 3:59 PM
    • Marked as answer by Just Karl Friday, April 17, 2015 8:04 PM
    Friday, January 16, 2015 6:34 AM