Reputation: 877
Can I use Basic authentication in website and Token authentication in web Api, Is this wrong concept?
I need to create a website in asp.net, where user registrations required and also need to create a WebApi code for mobile app users.
Currently user registration is created in asp.net Webform, and login works fine(used basic authenication), but when I tries to login using WebApi code it shows error 400 bad request(token based authentication), all parameters passed are correct.
Is this happens because I used basic authentication in Webform ? Do I need to use basic authentication in WebApi also? if yes then how does it work for login? Please help.
Upvotes: 1
Views: 1306
Answers (2)
Reputation: 3831
I would use the same authentication model for both use cases. So to implement basic authentication in WebApi there is a good article from Mike Wasson. You can find the source code here. It's too much to copy it here.
Create your own [BasicAuthentication] Attribute and add it to your controller classes. I would not use cookies, instead send your credentials every time you call the Api within the Authentication-Header of your HTTP call. But make sure you use HTTPS!
And to answer your question about mobile apps: Yes of course, adding an authentication header is possible within any mobile application. Same advice here about using HTTPS...
Upvotes: 1
Reputation: 15478
You should be able to use the same basic auth for webapi that you use for webforms (both cookie based).
Upvotes: 0
Related Questions
- Token based authentication in Web API without any user interface
- Asp.net Web Api Token Authentication
- Basic Token authentification and authorization on Web.Api
- Basic authentication in web api
- Token based authentication in web api
- How to work with Basic and Forms authentication simultaneosly in IIS?
- Web API Security and Authentication - bearer token
- Basic authentication vs token authentication
- Token Based Authorization Web API
- Using form Authentication and Basic Authentication Authorization in Web Api