
Authenticating multiple WebAPIs with a single Identity Authentication layer

I've been wrestling with how to simplify our WebAPI/Identity authentication for our current/future WebAPIs. I'm new at this, but I'll explain it the best I can. We started with a single WebAPI and set up ASP.Net Identity to handle the authentication and such. Then we set up another, and soon it will be 30.

[Image: What we currently have]

The problem here is obvious - for every new WebAPI we have to plug in yet another MS Identity Authorization layer. In some cases just having a single, massive WebAPI would work, but in this case these are totally separate products (plus it's bad design).

So we wanted to shoot for something like this:

[Image: What we've been asked to do]

But I'm having a hard time figuring out how each WebAPI would get User information so I could check roles and such.

I've read many posts on WebAPI authentication such as: this, this and this, but it seems everything I find has to do with securing that SINGLE WebAPI and we know how to do that already. It feels like what we need is an SSO approach for our WebAPIs. It almost seems that we need something like the External Authentication approach (like Facebook, Twitter, etc) but using our own backend DB - I just don't know the proper terminology.

So I'm turning to the experts for help in getting me headed in the right direction:

  • Is it common practice to have each WebAPI have its own authentication/authorization layer that each point to the same DB?
  • Is the single auth layer concept built in to the WebAPI/Identity already or do I have to do it from scratch?
  • Is an Authentication Filter what we should be using?

I could hack it all together behind the scenes, but it feels like there is an obvious answer out there that I am missing.

Is there a built-in way to set up a "Trust" between each WebAPI and an Authentication API to do something like this:

[Image: Trust flow]

This is the direction we are currently heading:

[Image: Current Direction]

If I could just get a general push in the right direction, I'd be pleased as punch. I just don't want to reinvent the wheel.

Oh, and before I forget, we are using ASP.NET 4.5, WebAPI 2, Identity 2, on IIS.

Thank you for any pointers.

PRB asked Oct 20 '22 18:10


1 Answer

What you are looking for is Federated Identity for your own web APIs and is something that Thinktecture's Identity Server aims to solve. The documentation is probably the best place to start.

Russ Cam answered Oct 22 '22 08:10
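
The resource-API side of the federated setup the answer points to, as an added example that is not part of the original question or answer: each WebAPI keeps no Identity store of its own and only validates bearer tokens signed by the central token service, then reads roles from the token's claims. It assumes OWIN-hosted Web API 2 with Microsoft.Owin.Security.Jwt 3.x and JWT access tokens that carry role claims; the issuer URL, audience, certificate path, route and role name are placeholders.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Web.Http;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Jwt;
using Owin;

public class Startup
{
    // Assumed placeholders: the token service's issuer name, this API's
    // audience identifier, and the path to the service's PUBLIC signing cert.
    private const string Issuer = "https://auth.example.internal";
    private const string Audience = "orders-api";
    private const string SigningCertPath = @"C:\certs\auth-signing-public.cer";

    public void Configuration(IAppBuilder app)
    {
        // Tokens are rejected unless signed by this certificate, issued by
        // Issuer, addressed to Audience, and not expired.
        app.UseJwtBearerAuthentication(new JwtBearerAuthenticationOptions
        {
            AuthenticationMode = AuthenticationMode.Active,
            AllowedAudiences = new[] { Audience },
            IssuerSecurityTokenProviders = new IIssuerSecurityTokenProvider[]
            {
                new X509CertificateSecurityTokenProvider(
                    Issuer, new X509Certificate2(SigningCertPath))
            }
        });
        var config = new HttpConfiguration();
        config.MapHttpAttributeRoutes();
        app.UseWebApi(config);
    }
}

[RoutePrefix("api/orders")]
public class OrdersController : ApiController
{
    // Roles come from the validated token's role claims, not from a local
    // Identity database lookup. "OrderAdmin" is a hypothetical role name.
    [HttpGet, Route(""), Authorize(Roles = "OrderAdmin")]
    public IHttpActionResult Get()
    {
        var identity = (ClaimsIdentity)User.Identity;
        var roles = identity.FindAll(ClaimTypes.Role).Select(c => c.Value);
        return Ok(new { user = identity.Name, roles });
    }
}
```

Giving each API its own audience value keeps a token issued for one product from being accepted by another, and only the token service ever holds the private signing key.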