Matt Strom
Matt Strom

Reputation: 615

Authentication for MVC application and WebAPI sub-application

I am designing a web application, and I have split the application into two web projects, an MVC project and a WebAPI project. The MVC project is deployed to a virtual host bound to http://mysite.com/app. The WebAPI project is deployed as sub-application of the MVC application and is bound to http://mysite.com/app/Data. The reason for this split is so that the WebAPI site could be packaged as an independent assembly for the data tier, while the MVC site serves as the presentation tier.

Authentication and authorization are working as expected in the top-level MVC application, but not in the WebAPI sub-application. I would have expected the sub-application to share the same HttpContext as its parent. Am I mistaken about this?

Is there a way to couple the parent and sub applications together so that they use the same authorization context as each other?

Upvotes: 1

Views: 904

Answers (1)

Hongye Sun
Hongye Sun

Reputation: 3908

I don't think HttpContext can be shared between two applications.

Since two applications are under same domain, it's possible to share cookie authentication between them. Here is a MSDN link about sharing cookie for two applications.

I don't feel it's necessary to use two applications here. You can put all web api related code in another assembly and make MVC app to reference to it.

Upvotes: 3

Related Questions