Reputation: 99
Getting logged in user from .Net Core 3.1 Web API
I've been struggling with this implementation for months. I had a workaround but it's far from ideal.
I've been struggling to get access to the current logged-in user from within my Web API. Ordinarily, I'd perhaps log in through the client and then authorise through a token. The problem I have, however, is that the client isn't the software that makes the log in request.
The client is written in Unity 3D and is embedded into the site. It shares data with the site via a Web API. Before the user gets access to the client, however, they have to log into the site through a standard .Net Core login system. So, as you can see, there's no way to pass an authentication token to the client. What I'm trying to do is have the Web API respond to requests by accessing only the details of the current logged-in user.
At the moment, I've tried gaining access to user data via HttpContext but in order to do that, I've had to enable Windows Authentication in the project. But now, all calls to the Web API result in a 401 error as the client itself can't send any authentication information.
So, what I need to do is find a way to get current logged in user information inside a Web API where the API doesn't need to receive any tokens or other information to do it.
Any ideas how that might be possible?
Upvotes: 1
Views: 304
Answers (1)
Reputation: 4022
UPDATE 5/8/2020
Passing authentication token from
webtoUnity 3D
Since you have less detail about client, I take a example about Unity Web Player and browser communication.
Calling Unity web player content functions from the web page
The Unity Web Player object has a function, SendMessage(), that can be called from a web page in order to call functions within Unity web player content. This function is very similar to the GameObject.SendMessage function in the Unity scripting API. When called from a web page you pass an object name, a function name and a single argument, and SendMessage() will call the given function in the given game object.
<script type="text/javascript" language="javascript">
<!--
//initializing the WebPlayer
var u = new UnityObject2();
u.initPlugin(jQuery("#unityPlayer")[0], "Example.unity3d");
function SaySomethingToUnity()
{
u.getUnity().SendMessage("MyObject", "MyFunction", "Hello from a web page!");
}
-->
</script>
You can use to send authentication token.
So, what I need to do is find a way to get current logged in user information inside a Web API where the API doesn't need to receive any tokens or other information to do it.
If we have a API to get tokens as you expect, then you access all APIs with this token. Authentication will be useless and system becomes unsafe. Because everyone can access with the magic api.
Upvotes: 1
Related Questions
- ASP.NET Core Web API Authentication
- c# .net Web Api Windows and Anonymous Authentication get current user
- Identity in C# ASP.NET Core Web API user
- Call Web Api with Identity
- How to get the current logged User in an ASP.NET Core WebApi Controller
- Asp.net Core Web API - Current user & Windows Authentication
- ASP.NET Core - How to get currently logged in user
- Getting logged in user from web api
- How to get the authorized user in a web API in .NET Core?
- asp.net core 1.0 get windows identity in webapi