Luka

Reputation: 97

Web site Authentication against Web API

I have the following scenario with .NET Core 3. A web site with a login page. This login page sends the user and password to a Web API that responds with a JWT token if the credentials are correct.

How can I now set my web user as authenticated? How can I set the claims of the web user with the claims I receive from the API token?

Is it necessary to add any service on the startup or something similar?

Could you provide me with any basic sample of how to do it or any documentation?

Thank you

Upvotes: 0

Views: 77

Answers (2)

Nan Yu

Reputation: 27538

You can use cookie authentication:

  1. In the Startup.ConfigureServices method, create the Authentication Middleware services with the AddAuthentication and AddCookie methods:

    services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
            .AddCookie(options =>
            {
                options.LoginPath = "/Account/Login";
            });
    

    And enable the middleware in Configure:

    app.UseAuthentication();
    app.UseAuthorization();
    
  2. And in the action to which the user posts credentials, you can send an HTTP request to the web API with the credentials. The web API will validate the credentials and return a JWT token; your web application then decodes the token and signs in the user like:

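    // At the top of the controller file:
    using System.IdentityModel.Tokens.Jwt;
    using System.Security.Claims;
    using Microsoft.AspNetCore.Authentication;
    using Microsoft.AspNetCore.Authentication.Cookies;

    // Inside the login action:
    var stream = "[token]"; // the JWT string returned by the web API
    var handler = new JwtSecurityTokenHandler();

    // ReadToken only parses the token; it does not verify the signature or lifetime.
    var tokenS = handler.ReadToken(stream) as JwtSecurityToken;

    // Build a cookie-scheme identity from the token's claims.
    var claimsIdentity = new ClaimsIdentity(
        tokenS.Claims, CookieAuthenticationDefaults.AuthenticationScheme);

    var authProperties = new AuthenticationProperties
    {
        RedirectUri = "/Home/Privacy",
    };

    // Issue the authentication cookie for the web user.
    await HttpContext.SignInAsync(
        CookieAuthenticationDefaults.AuthenticationScheme,
        new ClaimsPrincipal(claimsIdentity),
        authProperties);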
    

Upvotes: 1
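
An added example, not part of the answer above: `ReadToken` parses a JWT without checking its signature or expiry, so this helper validates the API's token with `ValidateToken` before issuing the cookie and caps the cookie lifetime at the token's expiry. The `ApiTokenSignIn` class, the issuer and audience strings, and the shared HMAC key are assumptions and placeholders; they must match whatever the Web API actually signs with.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.IdentityModel.Tokens;

public static class ApiTokenSignIn // hypothetical helper, not from the original page
{
    // Placeholder values (assumptions): load the real ones from configuration.
    private static readonly TokenValidationParameters Parameters = new TokenValidationParameters
    {
        ValidateIssuer = true, ValidIssuer = "https://api.example.test",
        ValidateAudience = true, ValidAudience = "web-site",
        ValidateLifetime = true,
        ValidateIssuerSigningKey = true,
        IssuerSigningKey = new SymmetricSecurityKey(
            Encoding.UTF8.GetBytes("placeholder-key-load-from-configuration!")),
        ClockSkew = TimeSpan.FromSeconds(30)
    };

    // Returns false, and signs nobody in, when the token fails validation.
    public static async Task<bool> TrySignInAsync(HttpContext http, string jwt)
    {
        ClaimsPrincipal fromToken;
        SecurityToken validated;
        try
        {
            // Checks signature, issuer, audience and lifetime; throws on any failure.
            fromToken = new JwtSecurityTokenHandler().ValidateToken(jwt, Parameters, out validated);
        }
        catch (Exception ex) when (ex is SecurityTokenException || ex is ArgumentException)
        {
            return false;
        }
        // Re-issue the validated claims under the cookie scheme.
        var identity = new ClaimsIdentity(
            fromToken.Claims, CookieAuthenticationDefaults.AuthenticationScheme);
        var properties = new AuthenticationProperties
        {
            // The cookie must not outlive the token it was derived from.
            ExpiresUtc = new DateTimeOffset(DateTime.SpecifyKind(validated.ValidTo, DateTimeKind.Utc))
        };
        await http.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(identity), properties);
        return true;
    }
}
```

Call `await ApiTokenSignIn.TrySignInAsync(HttpContext, token)` from the login action after the API responds, and redisplay the login page when it returns false.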

MRSessions

Reputation: 336

Depending on your front end solution, you need to figure out how to decode the JWT that you received to retrieve the values that you need.

Here are a couple of things, again depending on what you are using on the front end:

C# https://developer.okta.com/blog/2019/06/26/decode-jwt-in-csharp-for-authorization

NPM Package for SPA https://www.npmjs.com/package/jwt-decode

Here is another good resource for JWT https://jwt.io/

You can take the JWT you received to view the values that are in it.

Upvotes: 0
