Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ASP.NET Web API + ASP.NET MVC Authentication

I am having question around authentication/authorization. Here's my application set up. Application 1 : ASP.NET MVC application which is served using browser. Application 2 : same functionality is served using hybrid mobile app, which is using ionic + angularjs on client side(app) and ASP.NET Web api on server side.

Now, both application have same user base and both need a common authentication/authorization module.

I have went through internet and found many good article which explains authentication with each application individually. I am clear to the point where I need to use token based authentication with OWIN middleware.

But I am not quite sure about how to implement common authentication module for both application. I am planning to have single hosting for ASP.NET MVC application and ASP.NET web api (back end part of app). How can I have common Authentication controller which is shared between both?

If I host both separate, I will have seperate AccountController for each(derived from "Controller" for MVC and derived from "ApiController" for WebAPI). But not sure, how can i merge this controller to have common authentication module in my solution

Am I in right direction with hosting both together? Or any other best practice i need to follow?

Thanks

like image 833
paresh.bijvani Avatar asked Jun 30 '15 20:06

paresh.bijvani


People also ask

What is difference in authentication in ASP.NET MVC and Web API?

Asp.Net MVC is used to create web applications that return both views and data but Asp.Net Web API is used to create full-blown HTTP services with an easy and simple way that returns only data, not view.

Can we use Web API in MVC?

If you have used ASP.NET MVC, you are already familiar with controllers. Web API controllers are similar to MVC controllers, but inherit the ApiController class instead of the Controller class. In Solution Explorer, right-click the Controllers folder. Select Add and then select Controller.

How will you implement authentication and authorization in ASP.NET web API?

Web API assumes that authentication happens in the host. For web-hosting, the host is IIS, which uses HTTP modules for authentication. You can configure your project to use any of the authentication modules built in to IIS or ASP.NET, or write your own HTTP module to perform custom authentication.


1 Answers

Make one project that has MVC + API controllers.

MVC controllers will implement cookie-based authentication (they get auth ticket from cookie) and will be used to serve your mvc site.

API controllers will implement header-based authentication (they get auth ticket from header) and will be the back end of your Angular app.

Both MVC AND API controllers will access a class that gets the ticket and implement authentication/authorization logic specific to your needs.

This way you will be able to deploy one web app to one host that serve MVC site and Angular app.

like image 148
Omar Imran Mousa Avatar answered Sep 22 '22 15:09

Omar Imran Mousa