I need to authorize my web client asp net mvc app with asp net web api. How to authenticate? i have a wep api server an have access to database, but my asp net mvc app don't access to the database.
Asked
Active
Viewed 826 times
0
-
Could you explain more? Do the `MVC` server needs to authorize your users while just `WebAPI` server has access to your users info? – Sam FarajpourGhamari Oct 17 '15 at 15:34
2 Answers
0
Assuming here Web API does all database related operation, MVC project is for UI purpose which calls Web API through JavaScript or HTTPClient.
Implement Identity Management(Authentication API) using Identity 2.1/ Web API. Use this Identity Management. Implement Token based authentication so that you can use "Authorize" for point 2
Use this Identity management along with Web Api which talks to database. Use appropriate web api methods with "Authorize" attribute.
Let MVC application authenticate users by accessing this newly created Identity Management, on success keep hold of tokens, call web api(database) with token in headers which will look for authorize and gives proper access to web api methods.
Using this approach will give web api(database) strong authentication layer, plus api's will work with different clients MVC, WPF, mobile apps. Some additional efforts are involved but its worth in long term.
Mithun Pattankar
- 1,372
- 1
- 8
- 12
0
Have a look at this, actually it is a big article and it has a lot of things that you might.
To have fast look at the authentication part search for GenericAuthenticationFilter in the article.
The another thing which related to call it from mvc, it is already answered: How to call an ApiController from another .net project?
I hope this helps.
Community
- 1
- 1
Mahmoud Hboubati
- 1,007
- 11
- 26