
Combining tokens and cookies auth for MVC 5 / Web API app

I have a web app that contains:

  • Normal MVC controllers - must use cookie auth only
  • Web API Controllers that are used internally by the app (jQuery calls etc.) - should use cookie auth also
  • Web API Controllers that are used externally (e.g. by a phone app) - must use token auth

Now, I've got the (Identity) auth set up so that it has:

app.UseCookieAuthentication(...) to set up the cookie auth for the web app; and app.UseOAuthBearerTokens and app.UseOAuthBearerAuthentication to set up the token-based side of things.

Is it possible to make sure that the MVC side of things doesn't support the tokens, and the web API side of things supports the tokens? Since some of the web API stuff is internal and some external, I think I'm happy if the API endpoints support either cookies or tokens.

Thanks.

Matt Roberts asked Jun 26 '14 13:06



1 Answer

Unless you have two different endpoints that can be differentiated at the Startup.cs level, you would need to create a custom ActionFilter to handle this scenario.

Maxime Rouiller answered Oct 11 '22 12:10
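
One way to write the kind of custom filter the answer describes, for the MVC side of the question. This is an added example, not code from the answer or the question: CookieOnlyAuthorizeAttribute and DashboardController are hypothetical names, and the cookie middleware is assumed to use the Identity default authentication type (ApplicationCookie).

```csharp
using System.Linq;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;

// Hypothetical filter name. Authorizes a request only when the principal
// carries an identity issued by the cookie middleware, so a request that
// presents only an "Authorization: Bearer ..." header is rejected by MVC
// even though the active bearer middleware has authenticated it.
public sealed class CookieOnlyAuthorizeAttribute : AuthorizeAttribute
{
    // Assumption: app.UseCookieAuthentication was configured with the
    // Identity default AuthenticationType ("ApplicationCookie").
    private const string CookieType = DefaultAuthenticationTypes.ApplicationCookie;

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var principal = httpContext.User as ClaimsPrincipal;
        if (principal == null)
        {
            return false;
        }

        // When both middlewares are active, the principal can hold one
        // identity per scheme; require the cookie one explicitly.
        bool hasCookieIdentity = principal.Identities.Any(
            i => i.IsAuthenticated && i.AuthenticationType == CookieType);

        // base.AuthorizeCore still applies any Users/Roles settings. Its role
        // check looks at every identity on the principal, not only the cookie.
        return hasCookieIdentity && base.AuthorizeCore(httpContext);
    }
}

// Hypothetical MVC controller showing per-controller use.
[CookieOnlyAuthorize]
public class DashboardController : Controller
{
    public ActionResult Index()
    {
        return View();
    }
}
```

Registering the attribute in the MVC global filter collection applies it to every MVC controller without touching the Web API pipeline, which has its own filters.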