Call external Web API from MVC project with windows Auth

Question

I have an existing MVC application that I inherited from someone else.

I am now trying to take some of the API calls from the old application and move them into a new application.

The problem is, when the MVC application tries to call the API calls in the new application, it gets a 401.2 (unauthorised) response.

I have read that 401.2 means that the front end and the back end are using different authentication protocols, which would make sense to me.

Here is a snip of the response headers for the account call in the new application:

and here is a snip of the same response headers when calling the same API from the old application:

This looks to me like they are using different protocols - am I correct? The main difference seems to be the 'WWW-Authenticate:Negotiate' on the failed request - but I do not know how I can fix this?

If so, can anyone advise what I need to change in my MVC project to make it use the Auth type of the first project?

Both aps use the same database if that is any help?

I know this question is a bit vague, but I have no idea where to look to fix this.

Any help would be greatly appreciated...

Answer 1

You would need a Single Sign-on to maintain your credentials through different apps, you could:

• Use Identity Server 4 or Identity Server 3 To generate token credentials for you WEB API Projects. MVC JS

• User Forms authentication on your mvc Projects: Example

• Use cookie based Authorization: Cookie authorization with OWIN

I recommend Using Identity Server.