I am new to Web-Api, Cloud, etc. I have some requirements for my project, but since you have a lot of resources over the Internet, I cannot decide which direction I should go.
Requirements:
The user must identify with credentials (e.g. facebook / google, etc.)
Users nameidentifiermust be transferred to our web API and stored in the database.
Get the token / key that was provided to us when the user authenticated himself
Send a token in the header of each api request and check the user ID
It should run in a mobile client application (Windows phone, Android, iOS).
Question:
1) What is the easiest way to identify the client when using an external source, and then authorize the client when it calls our web api?
2) Is it possible to configure AD to use an external identity provider (for example, facebook, google) or can it be done only using ACS?
3) The only thing you need is nameidentifer(no name or email address, etc.).
Relevant Links
source
share