Passing token from web app to api api (user auth)

Question

I have created two simple apps, one is a MVC Website the other a MVC API. The websites consumes a couple of methods from the API.

I have deployed both to Azure, to the 'App Services', the website as an Web App, the Api as an Api App. Until this point I haven't implemented any authentication, and it works fine.

Now, I want both resources to use authentication. So, from the Azure Portal I enabled authentication for both the WebApp and ApiApp. In the WebApp I set the values to: App Service Authentication: ON Action to take when not authenticated: Log In With Microsoft Account I configured a Microsoft Account

For the Api App I set the same values with the exception of the action to take, i set this to 'Allow Request (No Action)'. In the Api App code I set the [Authorize] attribute on my controller.

Now, when I goto the WebApp, i get redirected to the Microsoft Account Login Page, where I can login, and see the App. This works great. However, i'm unable to pass these credentials in any way to my Api App. Is it possible to create (or get) a token and pass it to the Api App? So in the Api App i'm automatically authenticated, and from there I can get the user data I need?

Answer 1

You can use OAuth for Bearer token based authentication on the webapi side. Configure your web api to issue tokens. Once you are authenticated in mvc application, send a request to the api server with body - grant_type=password&username=uname&password=pwd. once you get the token, you need to store it in a cookie/local storage, then on every request to web api, you need to add Authorization header with this token value.