5

I have the following solution:

  1. Web api project.
  2. MVC 4 project.

I need to authenticate user by sending its credentials using a JSON request (https is a must). is it a good approach ? and how can i authenticate the user on both web api and MVC .

Improve this question

2 Answers 2

Reset to default
5

is it a good approach ?

Yeah, why not.

and how can i authenticate the user on both web api and MVC .

If the Web API requires authentication you could use the same Forms Authentication as the MVC application. So you could configure Forms Authentication in the web.config of the Web API application and then decorate the actions that require authentication with the [Authorize] attribute. Then clients that need to query those methods will need to include the Forms Authentication cookie along with the request.

It is important to note that in order for the Web API to be able to decrypt the forms authentication cookie that was emitted the MVC application, both applications need to share the same machine keys.

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

so what you mean is that i need to do form authentication on both MVC and web api?
That's one way to share the same authentication between the 2 applications. If that's not what you are trying to achieve then please explain your precise goal.
That's what i want, can you provide a sample? i google it alot and couldn't find a complete example. Thanks in advance.
You may already start by setting what I suggested you in my answer and see how it goes. You need to configure forms authentication for both applications and then decorate protected actions with the Authorize attribute. Then when you need to send a request to the Web API you need to include the forms authentication cookie along with the request. If you have some troubles implementing this, don't hesitate to show your code and the progress you've made so far so that we could help you.
My Web API is ignoring my Authentication attribute. That is, some times when I make a call, and I am authenticated, it treats me as unauthenticated, and other times, I will be unauthenticated and it still treats me as authenticated. I see that the is an authentication attribute in system.web.http and system.web.mvc, do I ignore the one in system.web.http? Both Web API and MVC are part of the same project, and server deploy.
|
1

You can use Basic Authentication. You need to create Authenticationfilter.

There is an opensource library. (WEbAPIDoddle)

https://github.com/WebAPIDoodle/WebAPIDoodle

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.