Reputation: 709
Token based Authentication Web Api
I want to implement token based authentication for an ASP.NET Web API project.
I have come across 2 implementations the Katana/OWIN middleware, and another one called Identity Server 3
Would you recommend one over the other? My Web APi is only going to be accessed via the SPA. But I would like to have users login from a database store or using a 3rd party provider.
What are the benefits of Identity Server 3 ? Also it seems that IS3 acts a separate service/server. Does that mean there will be more roundtrips for authenticating?
Upvotes: 0
Views: 515
Answers (1)
Reputation: 1161
It sounds as if you want to accept identities from external providers as well as maintaining an internal database.
For external providers, you will need to validate the tokens that arrive. OWIN provides support for obtain the artifacts you need to validate a token by retrieving metadata from the IdentityProvider.
Your Web API should be able to obtain an access token and present it to your application by using 'OAuth Bearer'. This should be independent of using a Database.
Upvotes: 0
Related Questions
- Web API – authenticate with bearer token
- How Authorization Token Works?
- .NET Web API 2 OWIN Bearer Token Authentication
- use asp.net web api token to authenticate on mvc web site
- Angular2 + Web API + token based authentication
- Web API token authentication
- Angular and Web Api 2 Authentication: Bearer Tokens
- Web Api 2 with OWIN OAuth Bearer tokens
- AngularJS - Authentication with Bearer Token and Web API 2.0
- AngularJS / Web API 2 token Authenticaion