4

I have a Web Api 2 project based on SPA VS 2013 Template. I have a bearer token authentication configured in that Api.

I also have a separate MVC 5 project that I want to authenticate using that Web Api. Is that possible? How?

What I did so far (in my Mvc Client):

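using (var client = new HttpClient())
{
    client.BaseAddress = new Uri("http://localhost/MyApi/");

    // Resource owner password grant against the API's Token endpoint.
    var response = client.PostAsync("Token", new StringContent("grant_type=password&username=teste&password=123456", Encoding.UTF8)).Result;

    if (response.IsSuccessStatusCode)
    {
        // The response body is JSON; its access_token field holds the bearer token.
    }
}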

It got the Token, but what now?

3 Answers

4

If you get the token you should be all set. You just need to provide it in the header on each request like:

Authorization: Bearer boQtj0SCGz2GFGz[...]

Edit:

With HttpClient you would do something like this:

var requestMessage = new HttpRequestMessage(HttpMethod.Post, "http://localhost/MyApi/");
requestMessage.Headers.Add("Authorization", "Bearer boQtj0SCGz2GFGz[...]");
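
One way to have the header set on every request, as an added example that is not code from the original answer: it requests the token, reads `access_token` from the JSON response, and stores it as the client's default `Authorization` header. `ApiTokenClient` and `CreateAuthenticatedClientAsync` are hypothetical names, and Json.NET is assumed to be referenced by the MVC project.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Newtonsoft.Json.Linq; // Json.NET (assumed to be referenced by the project)

public static class ApiTokenClient
{
    // Hypothetical helper: logs in against the API's Token endpoint and returns
    // an HttpClient that sends the bearer token on every later request.
    public static async Task<HttpClient> CreateAuthenticatedClientAsync(
        Uri apiBase, string userName, string password)
    {
        var client = new HttpClient { BaseAddress = apiBase };

        // FormUrlEncodedContent percent-encodes the values and sets
        // Content-Type: application/x-www-form-urlencoded.
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            { "grant_type", "password" },
            { "username", userName },
            { "password", password }
        });

        using (var response = await client.PostAsync("Token", form))
        {
            if (!response.IsSuccessStatusCode)
            {
                client.Dispose();
                throw new UnauthorizedAccessException(
                    "Token request failed: " + (int)response.StatusCode);
            }

            var body = JObject.Parse(await response.Content.ReadAsStringAsync());
            var token = (string)body["access_token"];
            if (string.IsNullOrEmpty(token))
            {
                client.Dispose();
                throw new InvalidOperationException("Response had no access_token.");
            }

            // Sent as "Authorization: Bearer <token>" on every request from this client.
            client.DefaultRequestHeaders.Authorization =
                new AuthenticationHeaderValue("Bearer", token);
        }
        return client;
    }
}
```

The default header belongs to the client instance, so keep one such client per signed-in user instead of sharing it across users. Outside local development, use an `https://` base address so the password and the token are not sent in clear text.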

7 Comments

And how can I set that token in the header? Any way to do that automatically?
Do the MVC and Web API have to be separate applications? If you could keep them on the same server you wouldn't have to do any HTTP requests to authenticate from the MVC client.
It's the same server, but different projects: -MyProjectApi, -MyProjectMvc
To use the same API in other clients
First you create the identity with UserManager's CreateIdentity method. Then sign in the user with AuthenticationManager's SignIn method. That's all. You don't need to worry about the access token, the framework will take care of that for you. Example: var identity = UserManager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie); AuthenticationManager.SignIn(new AuthenticationProperties { IsPersistent = true }, identity);
2

I suspect with the SPA you're using resource owner flow (uid/pwd). If you now have a new client that is a separate MVC project, it'd be considered a code flow client, so this means you need to support code flow in your OAuth2 authorization server. Unfortunately the Katana OAuth2 authorization server middleware from Microsoft wasn't really designed to support more elaborate OAuth2 scenarios, so you might have to look into using a separate, dedicated OAuth2 authorization server. Thinktecture AuthorizationServer is a free, open source implementation in .NET that you could potentially use:

http://thinktecture.github.io/Thinktecture.AuthorizationServer/

Otherwise you're almost implementing an OAuth2 authorization server from scratch.

1 Comment

I edited my question with some code I did... Can you comment on that?
0

You can definitely use and configure ASP.NET Identity and OWIN components in ASP.NET Web API to provide authentication services.

ASP.NET Identity can be used with all of the ASP.NET frameworks, such as ASP.NET MVC, Web Forms, Web Pages, Web API, and SignalR.

For more information about it, check out this link:

http://www.asp.net/identity/overview/getting-started/introduction-to-aspnet-identity

Hope that helps.
