Asp.net MVC 4 + WEB API - Custom authentication token
Solution 1
Generally you can either generate a token and implement its verification logic manually, or use some third-party tools.
For a manual implementation, look here or here at a blog post; it could be a good starting point for you. It's based on the http://oauth.googlecode.com/svn/code/csharp/OAuthBase.cs class.
For the client side and OAuth concepts, you can read a good answer here.
Among third-party tools, a good choice could be DotNetOpenAuth. It's a good library but is complicated when working with OAuth. Try to look at its Web API OAuth2 sample.
Second question: the answer is yes. You validate the token and set the request as authenticated. Anyway, you can look at the Web API OAuth sample, where it's implemented.
Solution 2
You might consider using the WebAPI Token Auth Bootstrap Package I am currently working on - available at GitHub or NuGet.
Documentation and code samples available at GitHub Wiki.
Simple Token and Users Authentication and Authorization Bootstrap for WebAPI applications. Provided with 'TokenAuthApiController' which has built-in support for Login and Logout (cookies-based) and automatic token parsing and authenticating (inside query strings, form data or cookies).
This bootstrap allows you to simply have a [TokenAuthentication] attribute on actions with the appropriate AccessLevel: Admin, User, Public or Annonymous.
This bootstrap also provides TokenAuthApiController, which inherits from the traditional ApiController and adds extra functionality detailed here.
Feel free to send pull requests, report issues or contribute.
Solution 3
This would be one of the good places to start. It ties in nicely with the ASP.NET membership:
https://stackoverflow.com/a/7217957/989679
You basically store information in the userData of the authCookie, and it works well with WebAPI.
Hari Subramaniam
Updated on July 02, 2020
I am developing an ASP.NET MVC 4 site on .NET 4.0. I am trying to authenticate the site to a WEB API. Now the site will pass a username and password and the WEB API will authenticate it. If authenticated, the WEB API will return a Token with roles, Time To Live etc. I am looking for a few pointers on this.
1.) How to generate this token? I don't want to use STS or anything else. Even a non-foolproof approach would do.
2.) On the MVC side, I have to receive this token and set the current session as authenticated, and make sure that once the TTL is expired I redirect the user to the login page? Also, in all the WEB API requests I need to send this token.