Reputation: 615
I recently built an MVC 5 Web Site as a front end prototype and used Individual Accounts for authentication. I now need to build a WebApi2 backend that will serve this website as well as an iPhone app, and multiple other clients. I am confused regarding authentication with the MVC site and WebApi.
I want all user management to take place through the WebApi (which will use tokens) so that it is client agnostic; however, I don't know how cookie authentication on the website side will work without my Identity classes. It seems like I'll be duplicating code with the MVC site and WebApi. I want to use cookies for the MVC site, and OAuth tokens for the WebApi. Do I need to create another project like an IdentityProvider to manage this? Or is there a clean way to implement this using just the MVC and WebApi projects? Thanks!
EDIT: I am mainly confused about how to manage user identity with users being able to log in through both the MVC site and through a WebApi request. I need to be able to generate the UserIdentity and claims in a unified way and I am confused when I have both the MVC Individual Accounts template and the WebApi2 Individual Account authentication template to work with. I want to store users, claims, etc. in an AWS hosted MongoDB instance.
Upvotes: 14
Views: 6875
Reputation: 158
Both templates (MVC and API) use a SignInManager and UserManager. The standard user manager implementation is based on SQL Server and Entity Framework.
If you want to maintain user data on MongoDB, the best solution, IMO, is to roll your own UserStore to implement at least the IUserStore and IUserRoleStore interfaces, or use this NuGet package
For the UserManager you can use the standard implementation.
The ASP.NET Identity that you are using is open source and you can have a look at it on CodePlex (the one on GitHub is for MVC 6).
I think that the best way to handle your scenario is:
Hope this helps!
Upvotes: 2
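A starting point for the custom store the answer above describes, as an added example that is not part of the original answer or of the ASP.NET Identity code base. `AppUser` and `AppUserStore` are hypothetical names, and an in-memory dictionary stands in for the MongoDB collection so that only the `IUserStore`/`IUserRoleStore` contract is shown.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

// Hypothetical user document; a MongoDB-backed store would persist this shape.
public class AppUser : IUser<string>
{
    public AppUser() { Id = Guid.NewGuid().ToString("N"); Roles = new List<string>(); }
    public string Id { get; set; }
    public string UserName { get; set; }
    public List<string> Roles { get; private set; }
}

// One store class, referenced by both the MVC site and the Web API project.
public class AppUserStore : IUserStore<AppUser>, IUserRoleStore<AppUser>
{
    // Assumption: in-memory stand-in for the MongoDB users collection.
    private readonly ConcurrentDictionary<string, AppUser> _users = new ConcurrentDictionary<string, AppUser>();
    private static readonly StringComparer Cmp = StringComparer.OrdinalIgnoreCase;
    public Task CreateAsync(AppUser user)
    {
        if (user == null) throw new ArgumentNullException("user");
        if (!_users.TryAdd(user.Id, user)) throw new InvalidOperationException("Duplicate user id.");
        return Task.FromResult(0);
    }
    public Task UpdateAsync(AppUser user) { _users[user.Id] = user; return Task.FromResult(0); }
    public Task DeleteAsync(AppUser user) { AppUser gone; _users.TryRemove(user.Id, out gone); return Task.FromResult(0); }
    public Task<AppUser> FindByIdAsync(string userId)
    {
        AppUser user; _users.TryGetValue(userId, out user); return Task.FromResult(user); // null when absent
    }
    public Task<AppUser> FindByNameAsync(string userName) { return Task.FromResult(_users.Values.FirstOrDefault(u => Cmp.Equals(u.UserName, userName))); }
    public Task AddToRoleAsync(AppUser user, string roleName)
    {
        if (!user.Roles.Contains(roleName, Cmp)) user.Roles.Add(roleName); // no duplicate role entries
        return Task.FromResult(0);
    }
    public Task RemoveFromRoleAsync(AppUser user, string roleName)
    {
        user.Roles.RemoveAll(r => Cmp.Equals(r, roleName)); return Task.FromResult(0);
    }
    public Task<IList<string>> GetRolesAsync(AppUser user) { return Task.FromResult<IList<string>>(user.Roles.ToList()); }
    public Task<bool> IsInRoleAsync(AppUser user, string roleName) { return Task.FromResult(user.Roles.Contains(roleName, Cmp)); }
    public void Dispose() { } // nothing to release for the in-memory stand-in
}
```

Both projects can then construct `new UserManager<AppUser>(new AppUserStore())`, so users and roles are read from one place whether sign-in ends in a cookie or a token. Password sign-in and claims additionally require the store to implement `IUserPasswordStore<AppUser>` and `IUserClaimStore<AppUser>`.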
Reputation: 865
Think of the membership provider as separate and independent of the technology used to dev the app. Authentication is authentication; it's not dependent on a particular technology.
http://www.asp.net/identity/overview/getting-started/aspnet-identity-recommended-resources
Upvotes: 1