ASP.NET MVC4 and Web API Authentication + Authorization (Windows 8 and Web)

Question

I created an ASP.NET MVC 4 Internet Web Application using Simple Membership db for storing users, roles and profiles.

In my app I created a Web API controller that will respond to the http:// 127.0.0.1/api/users and this call will return a list of all users stored in the db as JSON.

The UsersController is decorated with [Authorize] attribute therefore any call to the http:// 127.0.0.1/api/users have to be authenticated.

On the main page I have a button that once pressed a jQuery ajax get request is performed and will show the list of users returned by the Web API (json).

If I am logged in and I press the button, everything works fine ... the list of users is retrieved and shown.

If I am not logged in, the message show is 401 - Unauthorized (custom message in jquery call statusCode) so it works as it should because of the [Authorize] attribute.

My question: How can I authenticate when a Web API makes a request to it, to get the list of users and show them from a Windows 8 app or Windows Phone 8 or Windows Forms for example? In other words, from a client other than the web browser?

Answer 1

You should make another api, that checks the authentication from the Windows 8 app or Windows.

If its pass successfully from the authentication, then only you have to show user list to the client.

Answer 2

That depends on how you're coding your app, but basically, you'll use http protocol for this. Take a look at ASP.NET MVC - HTTP Authentication Prompt and http://www.piotrwalat.net/basic-http-authentication-in-asp-net-web-api-using-membership-provider/