Dave New
Reputation: 40042
Web Api and OAuth authentication with multiple clients and users
We are a developing an AngularJS single page application with an ASP.NET Web Api 2 REST API. We are using OWIN middleware and OAuth, but are still unsure if we are taking the correct approach.
Our system consists of clients and users:
- Clients are organisations/companies.
- Users are employees of those companies. Users belong to a client.
Getting a bearer token with a clientId:
Should we be returning the clientId at this point?
The AngularJS front-end layer does need this clientId to perform other resource calls. For example:
api/clients/2345/ordersapi/clients/2345/orders/522api/clients/2345/departments
Upvotes: 1
Views: 788
Answers (1)
vibronet
Reputation: 7394
If you are working with companies, the active directory approach to SPAs (and Angular specifically) might be a good fit: you can use http://www.cloudidentity.com/blog/2014/10/28/adal-javascript-and-angularjs-deep-dive/ as a starting point. The token acquisition and use are fully abstracted there.
Upvotes: 1
Related Questions
- ASP.NET MVC + Web API2 + AngularJS authorization and authentication
- .NET Web API 2 OWIN Bearer Token Authentication
- OWIN Authentication Server for multiple applications
- AngularJS and OWIN Authentication on WebApi
- oauth token sharing multiple applications
- OWIN OAuth Authorization Server and individual accounts
- What is the best way for authenticating and authorizing Web Api for multiple consumers?
- ASP.NET MVC5/AngularJS/Web API app using Windows Authentication and OWIN
- AngularJS + ASP.NET Access Control Authentication
- Multiple Authentication / Authorization support for Web API via OWIN