Reputation: 1478
Implementing token based authentication for a project having both Web APIs and regular MVC controllers
I have a project that has both regular MVC controllers with Views as well as Web APIs. I have implemented Forms authentication. This protects both my Web API as well as my MVC controllers. However since cookies are not supported by Mobile browsers I am looking for implementing an alternate token based authentication. Following questions
1) Is there any way to use token based authentication for both Web API as well as regular MVC controllers ?
2) Is there any way to pass bearer token automatically by the browser instead of manually putting it in request headers ?
3) How can I include authorization information in the bearer token ?
Upvotes: 4
Views: 12231
Answers (1)
Reputation: 705
In response to your questions
1) you are looking at a hybrid flow which allows multi user clients being MVC and Mobile clients to obtain and use tokens, refreshing tokens is only available from the MVC client from what I know.
2) you can use identity server to send through authorization tokens or use the link below where you will insert authorization information (roles based) when sending tokens.
Please look at the following tutorial, it'll help in most of your requirements http://bitoftech.net/2015/01/21/asp-net-identity-2-with-asp-net-web-api-2-accounts-management/
Upvotes: 2
Related Questions
- How to implement REST token-based authentication with JAX-RS and Jersey
- How to use JWT in MVC application for authentication and authorization?
- Combine the use of authentication both for MVC pages and for Web API pages?
- Web API token based authentication
- Implementing Authentication and role based authorization in ASP.NET MVC web API service and MVC client architecture