I have an ASP.NET MVC project that has users (I used ASP.NET Identity 2 for this), and I have another ASP.NET Web API service.
I want to secure the Web API with authentication so that only the ASP.NET MVC users can hit the endpoints, and I don't want to use IdentityServer3 for this purpose.
ASP.NET MVC Startup.Auth.cs:

    public void ConfigureAuth(IAppBuilder app)
    {
        // Configure the db context, user manager and signin manager to use a single instance per request
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
        app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

        // Enable the application to use a cookie to store information for the signed in user
        // and to use a cookie to temporarily store information about a user logging in with a third party login provider
        // Configure the sign in cookie
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        });
    }

I think I should use a bearer token and a JWT token, and I can use Thinktecture IdentityModel on the Web API side for this, but I searched for a clear description of how to do that and didn't find one.
For example, I think there are many options like SAML, JWT or the OAuth 2 authorization code flow, but what are the implementation steps?