ASP.NET MVC / Web API User Authentication

I have a hybrid ASP.NET MVC 4 / Web API application. Authentication is handled by an existing application. On protecting these types of applications, most articles point to the use of Forms authentication and the [Authorize] attribute on the MVC and API controllers and actions that you want to protect. I would like to use the [Authorize] attribute because it will handle both MVC routes and API routes, but I'm not sure how to do this without the actual form and without using the built-in membership provider.

Should I go with the simple approach described here? Or should I create a user membership provider that handles the logic?

For clarity, the workflow will be as follows:

  • A user logs in through an existing authentication portal.
  • If they are authenticated, they are redirected to my application along with some additional data, such as username and email address (therefore, passwords do not need to be transmitted).
  • My application sets an authentication cookie that allows the user to continue using the application.

Any help would be greatly appreciated.

+4
3 answers
  • Option 1

, , cookie , :

.NET(#) - MVC2?

  • 2

, , , cookie . , :

cookie ?

, .

  • 3

SSO . , SSO . SSO - , cookie, # 1 2 , .

cookie , .

  • " , ?

- , SetAuthCookie(username, .... , , -, , . , -API, . , , .

, , - , username, SetAuthCookie(username, .... , SSO. SSO, : " Bob123, , Bob123, - .

№1 №2 , , , , cookie.

, cookie. cookie , cookie .

SSO , , , , ( cookie comain).

, :

cookie , - , , SSO.

+3

, Single Sign-On. SSO, OAuth2 WS-Federation, .

, SSO , " ". , , / , IdP - , (, cookie ).

Authorize . , , Forms. , , Forms (, ).

SSO, :

http://msdn.microsoft.com/en-us/library/ff423674.aspx

+1

You can use Owin to handle this. Here's the code snippet I'm using to authenticate with Facebook that also uses cookies:

using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

namespace ASPNetMVC53rdPartyAuth
{
    public partial class Startup
    {
        public void ConfigureAuth(IAppBuilder app)
        {
            // Enable the application to use a cookie to store information for the signed-in user
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login")
            });

            // Use a cookie to temporarily store information about a user logging in with a
            // third party login provider
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            // Third party login providers:

            // You have to register this app at https://developers.facebook.com/ and get the
            // appId and appSecret.
            // Facebook requires SSL, so that needs to be enabled. Project url can be found
            // under project properties and can be localhost.
            // The values below are placeholders; keep the real appSecret out of source control.
            app.UseFacebookAuthentication(
                appId: "xxxxxxxxxxxxxxxx",
                appSecret: "xxxxxxxxxxxxxxxx");
        }
    }
}
0
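For the workflow in the question (the portal redirects with a username and email, then the application sets the cookie), here is an added example, not taken from the original post or its answers, that checks the redirect data really came from the portal before calling SetAuthCookie. It assumes the portal can append a Unix timestamp and a hex HMAC-SHA256 signature computed with a shared key; the controller name, query parameters, the PortalHandoffKey setting and the redirect target are all hypothetical.

```csharp
using System;
using System.Configuration;
using System.Security.Cryptography;
using System.Text;
using System.Web.Mvc;
using System.Web.Security;

// Added example. Hypothetical names: HandoffController, PortalHandoffKey, the query parameters.
public class HandoffController : Controller
{
    // Assumption: a secret shared with the portal, stored base64-encoded in configuration.
    private static readonly byte[] Key =
        Convert.FromBase64String(ConfigurationManager.AppSettings["PortalHandoffKey"]);
    private static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    private const long MaxAgeSeconds = 120;

    // Assumed landing URL: /Handoff/SignIn?user=...&email=...&ts=...&sig=...
    [AllowAnonymous]
    public ActionResult SignIn(string user, string email, long? ts, string sig)
    {
        if (!IsValid(user, email, ts, sig, DateTime.UtcNow))
            return new HttpStatusCodeResult(403);
        FormsAuthentication.SetAuthCookie(user, false); // session cookie, not persistent
        return RedirectToAction("Index", "Home");
    }

    public static bool IsValid(string user, string email, long? ts, string sig, DateTime utcNow)
    {
        if (string.IsNullOrEmpty(user) || email == null || sig == null || ts == null || ts < 0)
            return false;
        // '\n' is the field separator, so it must not occur inside a field.
        if (user.IndexOf('\n') >= 0 || email.IndexOf('\n') >= 0) return false;
        // Reject stale or future-dated hand-offs; replay inside the window still needs a nonce store.
        long age = (long)(utcNow - Epoch).TotalSeconds - ts.Value;
        if (age < -30 || age > MaxAgeSeconds) return false;

        string expected;
        using (var hmac = new HMACSHA256(Key))
            expected = BitConverter.ToString(hmac.ComputeHash(
                Encoding.UTF8.GetBytes(user + "\n" + email + "\n" + ts.Value))).Replace("-", "");
        return FixedTimeEquals(expected, sig.ToUpperInvariant());
    }

    // Compares without exiting early on the first mismatching character.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

With the cookie issued this way, [Authorize] on MVC controllers and Web API controllers sees the same Forms authentication ticket, provided both are hosted in the same application.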

Source: https://habr.com/ru/post/1535632/

