Reputation: 39092
ASP.NET Identity External Providers Web API without cookies
I have seen several ways to set up external provider support for authentication in ASP.NET Web API using Identity, however all of them rely on a cookie, that is set after the user is successfully authorized by the external provider (callled "AspNet.External"), which has to be then forwarded to the token endpoint on the Web API itself.
Is there any way to circumvent this and use external authentication with ASP.NET Web API without the need to use cookies? The reason for this concern is that I would like to integrate this authentication in my mobile app, but the user can disable cookies any time, rendering my app unusable.
Upvotes: 9
Views: 2562
Answers (1)
Reputation: 3050
What about using OAuth2?
- Build a oauth2 server with https://www.nuget.org/packages/Microsoft.Owin.Security.OAuth/ ,
- Set your server web api app as resource server, and enable oauth bearer authentication, which use Authentication header , not cookie.
- After get access_token from oauth2 server, set the Authentication header for your client request.
you can check out the code here:
https://github.com/beginor/owin-samples
Upvotes: 7
Related Questions
- How to persist cookie authentication when only using external identity provider without ever calling HttpContext.SignInAsync
- ASP.NET WebForms with API without Cookies
- IdentityServer4 External Authentication without cookies
- ASP.NET Web API 2: How do I log in with external authentication services?
- ASP.NET WEB API External Login
- External Authentication ASP.NET Web API
- OWIN Cookie authentication in Self-Hosted Web Api
- Web API Login with Cookie
- ASP.NET Identity using WebApi & External Login