Reputation: 26897
Combining tokens and cookies auth for MVC 5 / Web API app
I have a web app that contains:
- Normal MVC controllers - must use cookie auth only
- Web API Controllers, that are used internally by the app (jquery calls etc) - should use cookie auth also
- Web API Controllers that are used externally (e.g. by a phone app) - must use token auth
Now, I've got the (Identity) auth set up so that it has:
app.UseCookieAuthentication(...) to setup the cookie auth for the web app; and
app.UseOAuthBearerTokens and app.UseOAuthBearerAuthentication to setup the token based side of things.
Is it possible to make sure that the MVC side of things doesn't support the tokens, and the web API side of things supports the tokens? Since some of the web API stuff is internal and some external, I think I'm happy if the API endpoints support either cookies or tokens.
Thanks.
Upvotes: 9
Views: 1435
Answers (1)
Reputation: 13699
Unless you have two different endpoints that can be differentiated at the Startup.cs level, you would need to create a custom ActionFilter to handle this scenario.
Upvotes: 1
Related Questions
- Using bearer tokens and cookie authentication together
- How to Add token authentication to web api in cookie authentication based asp.net mvc project
- Combining cookie and token authentication in ASP.NET Core
- Combine the use of authentication both for MVC pages and for Web API pages?
- JWT Token authentication - Doing it right way
- Implementing token based authentication for a project having both Web APIs and regular MVC controllers
- Using both cookie and JWT tokens in ASP.NET Web/API app
- Authenticate MVC clients with Web API Tokens
- Use cookie authentication in mvc5 project with web api controller
- MVC .NET cookie authenticated system acessing a Web Api with token authentication