
I am researching my first RESTful API project to interact with the automation side of our ERP system. The focus is to provide the user with a list of requisitions to approve or decline; I am planning a SPA like here. They would receive an email notification that they have requisitions to review.

My aim is first to develop the app on my internal company domain, using AD groups to authenticate and authorise the web app. The approach I believe I should be using is here. However, I note that the MSDN links referenced in that question are marked as outdated; what is the newer content?

Also, the main method of accessing the web app will be a link in an email, and we have the usual complaints about having to enter too many passwords. Is there a way to stop this? I was considering something like this; would it work?

If I am successful in achieving the above, my ideal solution would be to make the web app accessible from anywhere, and to also embed a button in the email with a call to the web API for quick approval of the requisition. However, if I open the web app up, I am uncertain how to use Windows authentication, as clearly the calls to the APIs would come from outside the company domain.

Therefore, with my ultimate aim in mind, is there a better method of security I should be considering from the start?

Ian W
  • Do you currently use Office 365? If so, use "organisational security" in your web app right now. They log in with their email credentials (under some circumstances, they don't need to log in at all). I think it's changed names again, but this might help: https://learn.microsoft.com/en-us/aspnet/identity/overview/getting-started/developing-aspnet-apps-with-windows-azure-active-directory It's basically a choice when you create your project. – Nick.Mc Jul 24 '18 at 02:29
  • No, we do not use 365 – Ian W Jul 24 '18 at 06:08
  • You need to consider which cloud identity provider you will be using when you are no longer using Windows authentication, i.e. if not O365, then Google, Facebook or something like that. I _think_ that if you follow this: https://learn.microsoft.com/en-us/dotnet/framework/security/how-to-build-claims-aware-aspnet-app-using-windows-authentication then you will have an app right now that uses Windows authentication, but since it uses "claims", it will more easily be ported to a different identity provider later. Best wait for an expert to comment on that, though. – Nick.Mc Jul 24 '18 at 06:35
  • OK, I will look into that, thanks – Ian W Jul 24 '18 at 07:23
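The claims-aware approach suggested in the comments, shown as an added example that is not part of the question or the comments and not code from the linked Microsoft articles. It assumes ASP.NET Core 2.x hosted under IIS with Windows authentication enabled, and uses a placeholder AD group name (`DOMAIN\Requisition-Approvers`). The point is that controllers depend only on an application claim and an authorization policy, so when the app is later opened up to users outside the domain, the authentication scheme and the claims transformer are the only pieces that change:

```csharp
// Added example, not code from the question: Windows authentication under IIS,
// with AD group membership translated into a neutral application claim so that
// controllers never reference Windows-specific identity types.
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Server.IISIntegration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // IIS performs the Negotiate (Kerberos/NTLM) handshake; the app only consumes the result.
        services.AddAuthentication(IISDefaults.AuthenticationScheme);

        // Runs on every request and turns the Windows identity into application claims.
        services.AddTransient<IClaimsTransformation, AdGroupToAppRoleTransformer>();

        services.AddAuthorization(options =>
        {
            // Controllers depend on this policy, not on AD group names.
            options.AddPolicy("CanApproveRequisitions",
                policy => policy.RequireClaim("app-role", "requisition-approver"));
        });

        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseAuthentication();
        app.UseMvc();
    }
}

public class AdGroupToAppRoleTransformer : IClaimsTransformation
{
    // Placeholder group name (assumption); replace with the real approver group.
    private const string ApproverGroup = @"DOMAIN\Requisition-Approvers";

    public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        // WindowsPrincipal.IsInRole checks the group SIDs already in the logon token,
        // so nested group membership is honoured without a separate directory query.
        // The HasClaim guard matters because the transformation may run more than once per request.
        if (principal.Identity.IsAuthenticated
            && !principal.HasClaim("app-role", "requisition-approver")
            && principal.IsInRole(ApproverGroup))
        {
            var appIdentity = new ClaimsIdentity();
            appIdentity.AddClaim(new Claim("app-role", "requisition-approver"));
            principal.AddIdentity(appIdentity);
        }

        return Task.FromResult(principal);
    }
}

[Route("api/requisitions")]
[Authorize(Policy = "CanApproveRequisitions")]
public class RequisitionsController : Controller
{
    [HttpPost("{id}/approve")]
    public IActionResult Approve(int id)
    {
        // Record the approver from the neutral name claim, not from a Windows account object,
        // so the audit trail keeps working after the identity provider is swapped.
        var approver = User.Identity.Name;
        return Ok(new { id, approver });
    }
}
```

Because approval is a state-changing action, the endpoint is a POST rather than a GET, so a plain link in an email cannot trigger it on its own; the email link should open the SPA, which then calls the API with the user's authenticated session. Moving to an external identity provider later means replacing `AddAuthentication(IISDefaults.AuthenticationScheme)` with the provider's scheme and having the transformer read that provider's group or role claims instead of calling `IsInRole` on a Windows principal; the policy and the controller stay as they are.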

0 Answers