Reputation: 321
I developed a project with ASP.NET MVC. In my project I have two kinds of users: 1-User and 2-Customer.
I used ASP.NET Identity to authorize users and I have a method like this for login:
    public virtual async Task<ActionResult> Login(LoginViewModel loginViewModel, string returnUrl)
    {
        var loggedinUser = await _applicationUserManagerService.FindAsync(loginViewModel.Email, loginViewModel.Password);
        if (loggedinUser != null)
            await _applicationUserManagerService.UpdateSecurityStampAsync(loggedinUser.Id);
        var result = await _signInManagerService.PasswordSignInAsync(loginViewModel.Email, loginViewModel.Password, loginViewModel.RememberMe, shouldLockout: true);
        switch (result)
        {
            case Microsoft.AspNet.Identity.Owin.SignInStatus.Success:
                return RedirectToLocal(returnUrl);
            case Microsoft.AspNet.Identity.Owin.SignInStatus.Failure:
                break;
            case Microsoft.AspNet.Identity.Owin.SignInStatus.LockedOut:
                break;
            default:
                return View(loginViewModel);
        }
        return View(loginViewModel);
    }
But I have a problem: I have to authorize Customer by Web Service and I don't know how to do it. Can I use ASP.NET Identity, or should I use Session?
After login, Customer can change pages, and on each page I have to load some data from Web Services.
Is it secure to put data in cookie?
Upvotes: 1
Views: 1040
Reputation: 721
First of all, Microsoft.AspNet.Identity.Owin.SignInManager, which you use for user authentication, is just a facade over Claims-Based Identity.
To authorize a user in the application, you only need to create a ClaimsIdentity and run the AuthenticationManager.SignIn method.
Your code can be changed in the following way:
    public virtual async Task<ActionResult> Login(LoginViewModel loginViewModel, string returnUrl)
    {
        ...
        // try to authenticate user via login and password
        var result = await _signInManagerService.PasswordSignInAsync(loginViewModel.Email, loginViewModel.Password, loginViewModel.RememberMe, shouldLockout: true);
        switch (result)
        {
            ...
            // try to authenticate customer via web-service
            case Microsoft.AspNet.Identity.Owin.SignInStatus.Failure:
                // proxy-class to access your web-service
                CustomerServiceClient clientToService = new CustomerServiceClient();
                var customerData = clientToService.LoadCustomerData(loginViewModel.Email, loginViewModel.Password);
                ...
                ClaimsIdentity identity = CustomerIdentityHelper.CreateIdentity(customerData);
                AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = loginViewModel.RememberMe }, identity);
                break;
            default:
                return View(loginViewModel);
        }
    }
Regarding your last question about where to store user data: you can store frequently used data in claims, which by default are encrypted and stored in a cookie (if cookie-based authentication middleware is added to the application pipeline). But the volume of such data should not be too large. Otherwise you can use session or query the data from the service each time.
Upvotes: 1
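One possible shape for the CustomerIdentityHelper.CreateIdentity helper that the answer calls but does not show, as an added example that is not the answerer's code. The CustomerData class, its properties, the "customer:" id prefix and the "CustomerWebService" provider name are assumptions made for illustration.

```csharp
using System;
using System.Security.Claims;
using Microsoft.AspNet.Identity;

// Hypothetical shape of the web-service result; the answer does not define it.
public class CustomerData
{
    public string Id { get; set; }
    public string Email { get; set; }
    public string DisplayName { get; set; }
}

// Hypothetical implementation of the helper referenced in the answer.
public static class CustomerIdentityHelper
{
    // MVC's default anti-forgery validation expects this claim together
    // with NameIdentifier on a ClaimsIdentity.
    private const string IdentityProviderClaim =
        "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider";

    public static ClaimsIdentity CreateIdentity(CustomerData customer)
    {
        // A null result or a missing id means the web service did not
        // authenticate the caller: fail closed so SignIn is never reached.
        if (customer == null || string.IsNullOrWhiteSpace(customer.Id))
            throw new ArgumentException("Customer was not authenticated.", nameof(customer));

        // The authentication type must match the cookie middleware's
        // AuthenticationType, otherwise the cookie is never issued.
        var identity = new ClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie);

        // Prefix the id so a customer id cannot collide with a local user id.
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, "customer:" + customer.Id));
        identity.AddClaim(new Claim(IdentityProviderClaim, "CustomerWebService"));
        identity.AddClaim(new Claim(ClaimTypes.Name,
            customer.DisplayName ?? customer.Email ?? customer.Id));
        identity.AddClaim(new Claim(ClaimTypes.Role, "Customer"));
        if (!string.IsNullOrEmpty(customer.Email))
            identity.AddClaim(new Claim(ClaimTypes.Email, customer.Email));

        // Only small, non-secret values go into claims: the password is not
        // copied, and bulky per-page data stays in the web service or session.
        return identity;
    }
}
```

With the Role claim set, customer-only actions can be restricted with [Authorize(Roles = "Customer")].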