14

I'm working on a project using ASP.Net MVC5 which also includes a Web API. The API will be for internal use only. I'm using the OWIN library to provider authentication.

I'm having a difficult time figuring out how to correctly implement authentication through the API. I was planning on using OAuth 2.0 but the problem with OAuth is that the user needs to login through a browser page instead of a native login screen. So I was wondering if it is possible to somehow skip the browser.

I've found this example which creates it's own OAuth Authorization Server. But it doesn't show how to make the login native.

Improve this question

3 Answers 3

Reset to default
6

If it's a highly trusted client, then you can use the OAuth2 resource owner password flow. You can look at the VS2013 SPA template and/or read on this post:

http://leastprivilege.com/2013/11/13/embedding-a-simple-usernamepassword-authorization-server-in-web-api-v2/

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

4

You could use Thinktecture.IdentityServer v2 as a light-weight security token service.

https://github.com/thinktecture/Thinktecture.IdentityServer.v2

Improve this answer

Comments

-2

You will need to create a WOPI host, which is basically a software solution that can take advantage of the browser-based Office(office web).

Create a custom WOPI host and configure it to use Office Web Apps Server to provide the browser-based file viewing and editing for Office files.

Nice sample on Microsoft MSDN

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.