All geek questions in one place

Basic authentication between two ASP.NET applications based on ASP.NET identifier

I have several applications in my solution and I want to share authentication between them. To simplify, let's say I have two WebAPI applications. I authenticate with an endpoint /Tokenand get a token carrier in return. After that, I put this token in the header Authentication:.

Now by logging in to WebAPI_1, I can get the data from the [Authorize]-decorated methods. But this does not work if I want to do this in WebAPI_2.

These WebAPIs are pre-built VS2013 WebAPI 2.1 templates with an ASP.NET 2 identifier. Each of them is installed individually, but they are connected to the same database.

How do I solve this problem?

I plan to load the LoadBalanced architecture where the client application (AngularJS) communicates with the WebAPI. Now I should be able to duplicate the WebAPI, and so the user must authenticate with all of these.

http://i62.tinypic.com/2vlp8c6.png

+4
source share
3 answers

[Authorize] -Attribute does nothing more than authenticate the current principal.

How are WebAPIs configured? Make sure your authentication tools always run before the WebAPI middleware. This is most likely your problem.

0
source

WebAPI_1, WebAPI_2 .. , -? - WebAPI, .

, WebAPI .

, WebAPI_1, WebAPI_2 -, /Token, - , , - WebAPI_Token. / ?

0

authorize, , .

startup.cs api -.

, api-, AccesstokenFormat. ISecureDataFormat<AuthenticationTicket> , . , , , , , 2.0

Startup.cs webapi

app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
{
                      //you can write your encryption however you want.
                      // just implement ISecureDataFormat<AuthenticationTicket>
              AccessTokenFormat = new SecureTokenFormatter("YourKeyIfThatsHowYouDesignIt")
});

, .

** ** , google it.

0

Source: https://habr.com/ru/post/1536229/

More articles:


All Articles