I just got Visual Studio 2013 loaded up and want to create a new web/mobile app that uses the same authentication for the website version and the mobile version.
I loaded up both templates (MVC5 w/Indivual Account & WEB API w/Individual Account) to check them out but it looks like I actually want to do a merge of those projects so the MVC5 uses the Web Api 2 OWIN for normal username & password authentication along with Social Media logins via Oauth.
SPA - I did look at this template but I'm not looking for a SPA as my website will need to be SEO friendly plus I know MVC and want to keep using it.
This would seem like an obvious template that developers would like to have in order to support both websites and mobile apps in the same project.
If your target is to share user accounts between the MVC app and the Web Api app, then all you need to do is to have them both point to the same UserStore.
I think this is what you are looking for:
http://leastprivilege.com/2012/10/23/mixing-mvc-forms-authentication-and-web-api-basic-authentication/
Related
I think this is the first time to ask a question here, but wanted to try. Hope I got this right. I have searched all over web but nothing seems to come up for this scenario.
On a Test Project, I was going to have a ASP.NET Web API that will be exposed to the web. It will have authentication and authorization. The roles will be managed thru the Web API. I will have a ASP.NET CORE MVC app as one of the clients accessing the Web API.
What I would like to do is pass the users roles (in a Claim?) from the Web API into the Web Site and have the roles be used in the Controllers Authorize as well as in the views (menu filter and button disable functionality). Of course the issue is the separation of the Website from the Web API.
I have seen tutorials where the role is passed to a Angular/React/Vue site but I am trying to see about this in a Asp.net Core website.
I think I want to pass the claim(with the Roles) to the Website and have it use it as if the website was accessing the DB directly.
Just trying to figure out how this would be done.
Any direction would be appreciated.
Thanks
Usually when I build a new website I create a .NET or PHP website. These website either connect to a MySQL DB or an external API. To do this I can securely store my credentials to these services and the back end will authenticate to them. Now since I want to build a Progressive Web App which is front-end only, how can I securely auth to these? Does my PWA have to have a login page that returns an API key that is dynamic? Thanks
Progressive Web App (PWA) is not front-end only. You can see the definition and the PWA Baseline too clearly understand what makes a PWA.
The problem you have mention is authentication on Single Page Web apps (which is front-end only). Here is the first article from Google with keyword "Single page web app authentication".
Token Based Authentication for Single Page Apps
I am in the process of learning ASP.NET MVC 5 (Visual Studio 2015) and have created a basic MVC web application. When I created the project, I selected "MVC" and "Web API" under "Add folders and core references for:". I also selected "Individual User Accounts" under authentication. I created some models, controllers, and views using EF. Those are working great along with authentication. I also created a "Web API 2 Controller with actions using Entity Framework" to add API capabilities to one of my models. Again this works fine.
Now I am trying to get OAuth working with the Web API but ran into problems when requesting the Token... I don't think the Web Application template comes with that piece. After much reading, I found some recommendations on Stack Overflow that it is usually better to create a separate project for your Web API.
So my questions are:
I will most likely be deploying the Web API on one server and/or subdomain and the Web Application on another. If that is the case, they have to be in separate projects anyways, right?
When having two projects, what is the best way to share common components, like models? In my Web API, should I add a reference to my Web Application and then create the Web API Controller like that or should I copy the code from the model and create a new model in the Web API?
To answer your questions:
Yes, they need to be separate projects if you are going to deploy them seperately.
To handle common items, create a library DLL project and reference that from both the Web API and Web App. It can contain the common components.
Also, if you are using cookies for authentication, you are also going to have to setup CORS to allow the cookie to be shared between two sites with different domains.
I am developing a SharePoint app that communicates with social feeds such as Twitter, Facebook (the user has to sign in ofcourse through the App using OAUTH). My problem is that everytime I deploy the app (using VS) it generates a new url and I need to keep registering this url with the community sites (Twitter, Facebook). Is there another way to overcome this problem.
I guess you are talking about the App Web wich is created every time the application is deployed (url has a form like that https://prefix-id.tenantdomain.tld/pathOfWebItHasBeenDeployedTo)
This is by design and here is some documentation about it
Then I guess the problem is because you're using OAuth implicit flow which requires url not to change over time. Unfortunately this is a by design limitation, to work around that you'd have to transtion to a provider hosted application. (therefore hosting it on your own server with a fixed url)
S*Problem to solve:*
So I'm building my first mobile app using nomad and I have pages I want to call through ajax. The problem is I need an authenticated user to get the data I'm looking for. I'm just using the built in forms authentication logic that comes built into mvc 3 projects. So how can I securely authorize a user on a mobile device and keep them logged in while making calls later?
Environment:
I'm using a tool http://vsnomad.com/, for my app, and a basic asp.net mvc 3 site controller to login and get the data the app needs. I'm not using webpi just a controler to keep it simply for now. For the mobile app its built on jquery, jquery mobile, and HTML 5, any help here would be much appreciated