I am developing an ASP.NET MVC 4 site on .NET 4.0. I am trying to authenticate the site to a WEB API. Now the site will pass a username and password and the WEB API will authenticate it. If authenticated, the WEB API will return a Token with roles, Time To Live etc. I am looking for a few pointers on this.
1.) How to generate this token? I don't want to use STS or anything else. Even a non-foolproof approach would do.
2.) On the MVC side, I have to receive this token and set the current session as authenticated and make sure once the TTL is expired I redirect the user to the login page? Also, in all the WEB API requests I need to send this token.
Web API assumes that authentication happens in the host. For web-hosting, the host is IIS, which uses HTTP modules for authentication. You can configure your project to use any of the authentication modules built in to IIS or ASP.NET, or write your own HTTP module to perform custom authentication.
Generally you can either generate token and implement its verification logic manually or use some 3rd party tools.
For manual implementation look here or here at blog post, it could be a good starting point for you. It's based on http://oauth.googlecode.com/svn/code/csharp/OAuthBase.cs class.
For client side and OAuth concepts you can read here a good answer.
From 3rd parties a good choice could be DotNetOpenAuth. It's a good library but is complicated when working with OAuth. Try to look at its Web API OAuth2 sample.
Second question: the answer is yes. You validate the token and set the request as authenticated. Anyway, you can look at the Web API OAuth sample, where it's implemented.
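One way to do the manual route mentioned in the answer above, as an added example that is not part of the original answer or its linked posts: an HMAC-SHA256-signed token carrying user, roles and expiry. The class name, payload layout and key handling are assumptions for illustration, and the code sticks to APIs available on .NET 4.0.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Added example (hypothetical names): token = base64(payload) "." base64(HMAC(key, payload))
public static class SimpleToken
{
    // Assumption: key is a random 32+ byte secret held only by the Web API host.
    public static string Issue(byte[] key, string user, string[] roles, TimeSpan ttl, DateTime nowUtc)
    {
        // The layout uses '|' and ',' as separators, so refuse values that contain them.
        if (user.IndexOfAny(new[] { '|', ',' }) >= 0) throw new ArgumentException("user");
        foreach (string r in roles)
            if (r.IndexOfAny(new[] { '|', ',' }) >= 0) throw new ArgumentException("roles");
        // Payload layout (constructed for this example): user|role1,role2|expiryTicksUtc
        string payload = user + "|" + string.Join(",", roles) + "|" + nowUtc.Add(ttl).Ticks;
        byte[] body = Encoding.UTF8.GetBytes(payload);
        return Convert.ToBase64String(body) + "." + Convert.ToBase64String(Sign(key, body));
    }
    // Returns false when the token is malformed, tampered with, or past its TTL.
    public static bool TryValidate(byte[] key, string token, DateTime nowUtc,
                                   out string user, out string[] roles)
    {
        user = null; roles = new string[0];
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return false;
        byte[] body, mac;
        try { body = Convert.FromBase64String(parts[0]); mac = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return false; }
        // Check the MAC before trusting any field inside the payload.
        if (!FixedTimeEquals(mac, Sign(key, body))) return false;
        string[] fields = Encoding.UTF8.GetString(body).Split('|');
        long expiry;
        if (fields.Length != 3 || !long.TryParse(fields[2], out expiry)) return false;
        if (nowUtc.Ticks >= expiry) return false; // TTL elapsed: caller sends the user to login
        user = fields[0];
        roles = fields[1].Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        return true;
    }
    static byte[] Sign(byte[] key, byte[] data)
    {
        using (var h = new HMACSHA256(key)) return h.ComputeHash(data);
    }
    // Constant-time comparison so timing does not reveal how many MAC bytes matched.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The token is signed, not encrypted, so its contents are readable by whoever holds it and it should travel only over HTTPS. Pass `DateTime.UtcNow` as `nowUtc` on both sides so the expiry comparison does not depend on server time zones.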