I recently built an MVC 5 Web Site as a front end prototype and used Individual Accounts for authentication. I now need to build a WebApi2 backend that will serve this website as well as an iPhone app, and multiple other clients. I am confused regarding authentication with the MVC site and WebApi.
I want all user management to take place through the WebApi (which will use tokens) so that it is client agnostic; however, I don't know how Cookie authentication on the Website side will work without my Identity classes. It seems like I'll be duplicating code with the MVC site and WebApi. I want to use cookies for the mvc site, and oauth tokens for the webapi. Do I need to create another project like an IdentityProvider to manage this? Or is there a clean way to implement this using just the MVC and WebApi projects? Thanks!
EDIT: I am mainly confused about how to manage user identity with users being able to log in through both the MVC site and through a WebApi request. I need to be able to generate the UserIdentity and claims in a unified way and I am confused when I have both the MVC Individual Accounts template and the WebApi2 Individual Account authentication template to work with. I want to store users, claims, etc. in an AWS hosted MongoDB instance.
ASP.NET MVC is used to create web applications that return both views and data, whereas ASP.NET Web API is a simple way to create full HTTP services that return only data, not views.
Using OAuth 2.0, it is possible for the application to access the user's data without the disclosure of the user's credentials to the application. The API will grant access only when it receives a valid access token from the application.
Both templates (mvc and api) use a SigninManager and UserManager. The standard user manager implementation is based on SQL Server and Entity Framework.
If you want to maintain user data on MongoDB, the best solution imo is to roll your own UserStore to implement at least the IUserStore and IUserRoleStore interfaces, or use this nuget package
For the UserManager you can use the standard implementation.
The Asp.net identity that you are using is open source and you can have a look at it on codeplex (the one on github is for mvc 6).
I think that the best way to handle your scenario is:
Hope this helps!
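The custom store this answer describes, as an added example (not the answerer's code or the NuGet package's): it implements `IUserStore` and `IUserRoleStore` from ASP.NET Identity 2 over the MongoDB .NET driver 2.x. `AppUser`, `MongoUserStore`, `NormalizedName` and `Roles` are assumed names, and a unique index on `NormalizedName` is assumed to be created elsewhere.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using MongoDB.Driver;

// Hypothetical user document; class and property names are assumptions.
public class AppUser : IUser<string>
{
    public string Id { get; set; } = Guid.NewGuid().ToString();
    public string UserName { get; set; }
    public string NormalizedName { get; set; }   // lower-cased copy used for lookups
    public List<string> Roles { get; set; } = new List<string>();
}

// One store for both hosts: the MVC site and the Web API each build a
// UserManager<AppUser> over it, so cookie and bearer sign-ins read the same record.
public class MongoUserStore : IUserStore<AppUser>, IUserRoleStore<AppUser>
{
    private readonly IMongoCollection<AppUser> _users;
    public MongoUserStore(IMongoCollection<AppUser> users) { _users = users; }

    // Normalising names makes "Admin" and "admin" resolve to one account.
    private static string Normalize(string name) => name.Trim().ToLowerInvariant();
    private static AppUser Prep(AppUser u) { u.NormalizedName = Normalize(u.UserName); return u; }

    public Task CreateAsync(AppUser user) => _users.InsertOneAsync(Prep(user));
    public Task UpdateAsync(AppUser user) => _users.ReplaceOneAsync(u => u.Id == user.Id, Prep(user));
    public Task DeleteAsync(AppUser user) => _users.DeleteOneAsync(u => u.Id == user.Id);
    public Task<AppUser> FindByIdAsync(string userId) =>
        _users.Find(u => u.Id == userId).FirstOrDefaultAsync();
    public Task<AppUser> FindByNameAsync(string userName)
    {
        var key = Normalize(userName);
        return _users.Find(u => u.NormalizedName == key).FirstOrDefaultAsync();
    }

    // Role changes touch the loaded document; UserManager calls UpdateAsync afterwards.
    public Task AddToRoleAsync(AppUser user, string role)
    {
        if (!user.Roles.Contains(role)) user.Roles.Add(role);
        return Task.FromResult(0);
    }
    public Task RemoveFromRoleAsync(AppUser user, string role) => Task.FromResult(user.Roles.Remove(role));
    public Task<IList<string>> GetRolesAsync(AppUser user) => Task.FromResult<IList<string>>(user.Roles);
    public Task<bool> IsInRoleAsync(AppUser user, string role) => Task.FromResult(user.Roles.Contains(role));

    public void Dispose() { }   // the MongoClient behind the collection outlives the store
}
```

Password sign-in through `UserManager` additionally requires the store to implement `IUserPasswordStore<AppUser>`, which is omitted here.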
Think of the membership provider as separate and independent of the technology used to dev the app. Authentication is authentication; it's not dependent on a particular technology.
http://www.asp.net/identity/overview/getting-started/aspnet-identity-recommended-resources