Menu
We are planning to start developing our new site with ASP.Net, MVC and AngularJS. I will also have a WebApi that i would like to use oAuth authentication with, because it is easy to to pass in token, plus may want to allow users to login with Google, Facebook etc in the future.
Questions
If i want to use oAuth on my WebApi (which is a separate application), what authentication method should i be using for my asp.net MVC website? oAuth? Forms? Both? And how do you implement this? On my API i wrote a simple oAuth provider that asks for a username and password and returns a token string.
Should my WebApi have a single sign on login page to interact with the website? Or should the login page be on the website? Should the login page use client side calls or server side calls?
What is actually within the oAuth token and how does it link to my website? Do I have to do something on the server once they login via Facebook/Google? Can I use this token on my server to determine which user is logged in?
Our website has many databases, all the same, but depending which user is logging in, depends on which database they can view data from. Is this easy to cope with using standard method/objects in ASP.Net MVC? Or is this going to force me in writing my own code?
Any advice would be appreciated as well!
987
OAuth provides client applications a "secure delegated access" to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials (from the Wikipedia). OAuth stands for Open Authorization.
OAuth, which is pronounced "oh-auth," enables an end user's account information to be used by third-party services, such as Facebook and Google, without exposing the user's account credentials to the third party.
Web API assumes that authentication happens in the host. For web-hosting, the host is IIS, which uses HTTP modules for authentication. You can configure your project to use any of the authentication modules built in to IIS or ASP.NET, or write your own HTTP module to perform custom authentication.
If are you planning to use MVC 5 You could use Asp.Net Identity. Take a look here: http://www.asp.net/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on
I hope this could help you. Diego
98
Your best bet :
This topic shows how to secure a web API using OAuth2 to authenticate against a membership database for both local and social login
http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api
1
answered Oct 19 '22 04:10
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
