
Double authentication with Web app & Web API needed?

I'm stuck on how to solve the following problem. I'll start with describing what my app looks like in a general context.

[ ASP MVC (Angular App) ]

  • Uses OWIN cookie

[ WEB API 2 ]

  • Uses OAuth Token Bearer

This scenario is happening: the user visits the app and authenticates with a login form, which lies in the ASP MVC app and generates a cookie.

Now I've decided to use AngularJS to add a couple of features, which made me use $resources and Web API 2. However, those features are only available if the user is authorized.

To the problem: Now I must use a token for each request to the Web API 2 to access different methods within controllers. This means I must log in the user again, but this time through AngularJS, using the /token route.

How would I do this? Should I take the cookie, check credentials in it and send it as an authentication request? Can I do something within the form authentication, in the same method, in the ASP MVC app?

Please help me, this gave me a lot of overhead. Walking from a simple app to this in 30 min. Can't even get my head around all the stuff in the authentication.

Regards!

Rovdjuret asked Feb 02 '15 21:02




1 Answer

My WebAPI supports both token and cookie auth.

During startup I register the authentication like this:

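// Namespaces this method needs (OWIN/Katana and ASP.NET Identity packages)
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OAuth;
using Owin;

private void ConfigureAuth(IAppBuilder app)
{
    // Token: accept OAuth bearer tokens sent in the Authorization header
    app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
    {
    });

    // Enable the application to use a cookie to store information for the signed in user
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            OnApplyRedirect = ctx =>
            {
                // this is to ensure that a 401 response is sent if the
                // user is not authenticated, rather than redirecting to
                // a logon page.
                // (Intentionally empty: not calling ctx.Response.Redirect
                // leaves the 401 in place.)
            }
        },
        // might not need to set this; a leading-dot domain sends the
        // cookie to every subdomain
        CookieDomain = ".example.com"
    });
}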
Brendan Green answered Oct 11 '22 13:10
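
The answer's empty OnApplyRedirect handler suppresses the login redirect for every request, MVC pages included. The following is an added example, not the answerer's code, that keeps the 401 only for API calls and still redirects page loads; it assumes both apps share one OWIN pipeline, that API routes start with "/api", and an HTTPS-only site, and the helper name IsApiOrAjaxRequest is hypothetical.

```csharp
// Added example, not the answerer's code. Assumes the MVC pages and the
// Web API run in one OWIN pipeline and that API routes start with "/api".
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OAuth;
using Owin;

public partial class Startup
{
    // Assumption: Web API routes are mounted under this prefix.
    private static readonly PathString ApiPrefix = new PathString("/api");

    // Hypothetical helper: decides whether the caller expects a status code
    // rather than an HTML login page.
    private static bool IsApiOrAjaxRequest(IOwinRequest request)
    {
        // AngularJS does not send X-Requested-With by default, so the path
        // check is the primary signal; the header covers other AJAX callers.
        return request.Path.StartsWithSegments(ApiPrefix)
            || request.Headers["X-Requested-With"] == "XMLHttpRequest";
    }

    private void ConfigureAuth(IAppBuilder app)
    {
        // Bearer tokens stay accepted for non-browser clients.
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            CookieHttpOnly = true,                     // script cannot read the cookie
            CookieSecure = CookieSecureOption.Always,  // assumption: HTTPS-only site
            Provider = new CookieAuthenticationProvider
            {
                OnApplyRedirect = ctx =>
                {
                    // API/AJAX callers keep the 401; browser page loads
                    // are still redirected to the login form.
                    if (!IsApiOrAjaxRequest(ctx.Request))
                    {
                        ctx.Response.Redirect(ctx.RedirectUri);
                    }
                }
            }
        });
    }
}
```

Because the browser attaches the cookie to API requests automatically, state-changing API actions that accept cookie authentication need anti-forgery validation, which bearer-token calls do not require.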