Reputation: 780
Authentication between Web App, Web API and Mobile App
I need suggestions for authentication between these three applications (web, API, mobile).
Use Case
- I have .Net Core Web API which works with basic authentication (i.e. username and password in header).
- I need to consume that API in my .Net Core Web App and Xamarin mobile app.
- I want to integrate security model between all three applications.
Problem Statements
- I don't have knowledge about how the same authentication can work for Web App and API.
- I don't want to use any third-party authentication provider. I would like to have my users in database only.
- What is best way to secure my API?
- Once I secure my Web API, How about authentication on Web App and Mobile App?
I know this is a broad question but simplest answer/way will help me to decide further path. I have enough knowledge about authentication like AD, OAuth, Open Connect, JWT But honestly not sure how to use it in my scenario.
Upvotes: 1
Views: 1473
Answers (1)
Reputation: 51
A simple way to do it would be have your API work with JWT and connect to a database holding your users info. You'd have a route that receives username and password and returns a token. For all the authenticated routes, the request needs this token on the header. For the clients (Web App and Xamarin), you'd store the received token as a cookie and send it together on every API call.
Upvotes: 1
Related Questions
- ASP.net 5 MVC app, with Web Api app - how to implement oAuth
- Web API Authentication for Xamarin Mobile app
- Securing ASP .Net Web API for usage with mobile application
- App authentication with WebApi on External Servers
- Authenticated REST API for a mobile app and website on ASP.NET Core
- Mobile app Web API authentication
- ASP.NET Web API Authentication (Web + Mobile)
- OAuth on REST API for mobile app
- Authentication and authorization using REST and ASP.NET Web Api from cross-platform mobile applications
- Authentication pattern for a web API exposed to an iPhone app