Menu
I have an existing project that I am looking to migrate to ASP.NET 5.
Currently it is a simple ASP.NET Web Forms project that references 2 DLLs:
Normally I shouldn't have to touch those 2 DLLs which are currently working fine. Now I'd like to replace the ASP.NET Web Forms project by 2 new components:
I've been playing with the templates available in VS2015, I've also been reading everything I could about authentication and I must say, I am now getting even more confused as to what I really need... :(
Do I need MVC in my back-end API? All the examples are done with ASP.NET MVC, but if I have a fully working SPA front-end, Don't I just need a simple RESTful service?
What do I need for authentication? Do I need ASP.NET Identity? Is Identity the new version of the old Membership? Does it take care of the creation of tokens? I already have a production database with all my users and hashed passwords. My Domain.dll assembly also has all the necessary code for validating users credentials.
What do I need if I want to allow other login services like Google or Facebook? I've created some web applications using both, ASP.NET 4.5 and ASP.NET 5 templates, to see how things are done, but that's where confusion got worse. ASP.NET 4.5 template uses Owin stuff (which I'm not familiar with), and ASP.NET 5 template doesn't.
Ideally here's what I'd really want: I'd like to create a Web API project with the minimum amount of dependencies, I'd like to avoid using sessions and cookies and I'd like to be able to use Google's and Facebook's services for logging in.
Thanks!
973
Similar to other middleware components in ASP.NET, Cookie Authentication is also a middleware component, which you need to plug into ASP.NET pipeline. For implementing cookie authentication, you require reference of Cookie middleware, here is the project.json file.
The following is the procedure to do Token Based Authentication using ASP.NET Web API, OWIN and Identity. Create an empty solution for the project template "ASP.NET Web Application" and add a core reference of the Web API and set the authentication to “No Authentication”.
OAuth2 and OpenID Connect in ASP.NET Core are standard popular protocols for implementation of Security feature to protect your application and data from unauthorized access. OAuth2 is an authorization protocol i.e. it allows clients to access protected resources like Web API by issuing access tokens to the client.
The token is generated from the server and our web API has a built-in way to understand this token and perform authentication. This type of authentication does not require cookies, so this authentication type can be used with mobile applications.
I'll say that... it sounds like a full rewrite.
Let's go over your points...
In ASP.NET 5 we don't really have MVC and WebAPI anymore. They are both very similar in concepts and have been merged. It's all about what you return. If you return an IActionResult, it will kick in the Razor and ViewEngines. If you return an object, then it will try to serialize your object based on HTTP Headers (what WebApi does).
If you have a full front-end SPA app with Angular? Yep. That's all you need and this whole MVC thing is not mandatory. You just need to create a web api. Microsoft have a nice tutorial right here on how to do it.
I would highly recommend an SSO. This mitigate the need to re-implement the authentication yourself. If you are more of a public application, try to support Facebook/Twitter/Google. If it's a business application, Azure AD can do the job but at that point, it's specific to what your client have so... it might not be the best solution.
No but for ASP.NET 5/MVC6, it's the only one that exist right now so for the moment? Yes you do but the whole ASP.NET system is made to be replaceable at every place in the system. Identity does not use the older membership system. It uses claims and that's a whole different subject.
Identity will take care of everything you need to authenticate every request (tokens and more). The good news? It supports Facebook, Google and many others.
Basically, ASP.NET 5 is a huge pipeline with dependency injection as a first class citizen. Adding element to the pipeline makes them available to those later in the pipeline.
This pipeline is configured in Startup.cs and is separated in 2 steps. ConfigureServices which is where the dependency injection is configured and Configure where the actual elements of the pipeline are added. Want to replace the default logger? ConfigureServices. Want to add an element in the pipeline? Configure.
That's it really!
144
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
