Deploy Web APIs with OAuth and a Single Page Application

We are developing an API and a one-page application (this is one of the possible future consumers).

We've already started working with the Web API and basically implemented a system very similar to the one that John Papa did in his multi-spectrum course called "Building Single Page Apps (SPA) with HTML5, ASP.NET Web API, Knockout and jQuery".

Now we need to implement authentication and user management in this application, and we need to find a simple way to implement this in a minimum of time, as we are in a hurry.

We realized that the SPA template included in the ASP.NET update has very similar functions to our needs, but we are wondering what is the best approach to implement a similar function in our existing code.

We are novice developers, as you can understand.

Is it possible to install some packages using the package manager, and voilà, simple membership and the OAuth option will be available?

Our use case is that we need to protect some of the resources of our API based on roles, so that you can log in using your username and password, and log in using your Facebook, Google or Twitter accounts.

+4
3 answers

In the end, we went with the SPA template by performing API authentication (a separate part of MVC). Then the API will create a unique token and redirect the user to the interface with a marker in the URL parameters.

Then the front end should send this token on every subsequent request.

+3
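
The token hand-off this answer describes, as an added example that is not part of the original answer: the SPA reads the token from the redirect URL, removes it from the address bar and history, and sends it only to the API. The `access_token` parameter name, the `Authorization: Bearer` header, `API_ORIGIN` and all URLs are assumptions.

```javascript
// Added example: API_ORIGIN, the parameter name and the header scheme are assumptions.
const API_ORIGIN = "https://api.example.test"; // hypothetical API origin

// Pull the token out of a redirect URL (query string or fragment) and return
// the URL with the token removed, so it can be scrubbed from the address bar
// and browser history before any other script or navigation sees it.
function extractToken(href, paramName = "access_token") {
  const url = new URL(href);
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ""));
  const token = url.searchParams.get(paramName) || fragment.get(paramName);
  url.searchParams.delete(paramName);
  if (fragment.has(paramName)) {
    // Only rewrite the fragment when it carried the token, so that
    // client-side routes such as "#/home" are left untouched.
    fragment.delete(paramName);
    url.hash = fragment.toString();
  }
  return { token: token || null, cleanedUrl: url.toString() };
}

// Build fetch() options that carry the token as a Bearer header, but only for
// requests that resolve to the API origin; other destinations get no token.
function withBearer(token, requestUrl, init = {}) {
  const target = new URL(requestUrl, API_ORIGIN);
  const headers = { ...(init.headers || {}) };
  if (token && target.origin === API_ORIGIN) {
    headers.Authorization = "Bearer " + token;
  }
  return { ...init, headers };
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof window !== "undefined") {
  const { token, cleanedUrl } = extractToken(window.location.href);
  if (token) {
    window.history.replaceState(null, "", cleanedUrl); // drop token from the URL
    fetch(API_ORIGIN + "/api/items", withBearer(token, "/api/items")); // hypothetical endpoint
  }
}
```

A token left in the URL ends up in browser history, server logs and `Referer` headers, which is why the URL is cleaned before the first API call.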

Found an interesting conversation about the subject here: https://vimeo.com/43603474 named Dominick Baier - ASP.NET Web API Protection.

Synopsis. The new Microsoft environment for writing RESTful web services and web APIs is pretty well called the ASP.NET Web API. As the name implies, this technology is part of ASP.NET and also inherits its well-known security architecture. But in addition, it also supports a number of new extensibility points and flexible hosting infrastructure outside of IIS. There are several ways to do authentication and authorization in the Web API, from Windows to usernames and passwords to token-based authentication and everything in between. This conversation discusses various options and focuses on technologies such as claims, SAML, OAuth2, simple web tokens, and delegation.

+3

Take a look here - Identity Server, made by security experts. This is all you need in one package.

In OAuth terms, you will need to use the client web application flow, in which the access token is issued immediately to the client and can be used.

0

Source: https://habr.com/ru/post/1205000/
