Reputation: 1122
One AntiForgery token for all requests
I have Web API 2 web service with methods:
// Makes and returns Token by login/password.
string GetToken(string login, string password);
// Returns orders of current account.
Order[] GetMyOrders();
I want to authenticate user in GetMyOrders() by him Request to this method.
Request has to contain Token which will be mapped to accountId on the web-service side.
Client will use this Token for each Requests.
Can I implement GetToken() method using ASP.NET Identity?
And what is right way to authenticate using this Token and ASP.NET Identity? Can I use ValidateAntiForgeryTokenAttribute or something else?
GetToken() will work only through https, but GetMyOrders() will work through http.
Upvotes: 1
Views: 489
Answers (1)
Reputation: 2908
Yes you can implement OAuth Bearer Tokens in webapi.
Example below:
http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/
The best way to authenticate the token is built-in, which means that you will only need to put the [Authorize] data annotation.
So basically you should use Owin middleware which will allow you to use OAuth Bearer token authentication.
Upvotes: 1
Related Questions
- Provide AntiForgery Token with System.Net.Http.HttpClient and MVC
- Handle AntiForgery Token in Winform and WebAPI
- Implementing AntiForgery Token on ASP.NET 4.6 WebForms
- Web Api OWIN - How to validate token on each request
- Asp.net Web Api Token Authentication
- Anti-Forgery Token + Web API (- MVC)
- AntiForgery Token implementation in WebAPI+AngularJS app
- passing token at every request with web api
- Token Based Authorization Web API
- Antiforgery Token