What I am trying to achieve:
I currently have mobile apps on top of services and would like to add a web site on top of the same services.
Services details:
ASP.NET Web API project using OAuth (bearer token) and Identity for authentication and authorisation.
Microsoft.AspNet.WebApi 5.2.3
Microsoft.Owin.Security.OAuth 3.0.1
Microsoft.AspNet.Identity.Core 2.2.1
Mobile details:
Xamarin projects.
Xamarin.Forms 2.3.3.193
What architecture should I use for the web site?
Create a new ASP.NET MVC project and call my current services from the MVC controllers? This seems bad because:
I would have 2 layers of controllers (web site MVC controllers calling services API controllers)
I would need to store bearer tokens in cookies
I would need to manage the tokens and cookies expirations
Create a new ASP.NET MVC project and call current services database directly? This seems bad because:
I would have to duplicate the models in the services project and in the web site project
Create a new ASP.NET project and call my current services using ajax? This seems bad because:
I would need to create my own register/login pages
I would need to store bearer tokens in cookies
I would need to manage the tokens and cookies expirations
I would need to say bye to future social authentication (OAUTH2) implementation because I wouldn’t be using OWIN
Thanks,
fcorbeil
If you already have the API a brand new MVC app shouldn't be such a bad choice. If you have your models stored in a different project just reference them to the MVC one. As for the services, them would work perfectly with the new application. This all can be achieved without changing almost nothing to the current implementation.
I am working on a project and using a similar architecture.
I decided to create an Angular project for the website front end and all it does is talk to the Web API. Angular handles the JWT authentication really well. If you've never worked with Angular before, it is really nice to work with.
However, a vanilla ASP.NET MVC web app would work just as well.
It depends on how comfortable you are with Angular, or how willing you are are to learning it! :)
Related
I have two different projects one for a web application which is in Asp.Net MVC using EF code first and another for mobile application APIs which is in Asp.Net Core 2.1 using EF code first, both are sharing the same database both are using Identity authentication. The problem is if someone registered with web application and trying to login with APIs with identity authentication. It unable to authenticate because user registered with ASP.Net MVC Identity and APIs have Asp.Net Core Identity.
I don't know which code solves the problem but I don't think the problem's source is there. However, if you use the same process in different areas, you can face a lot of problems. Appearing of this problem is normal because of the codes containing the same logic place in multiple locations.
I think you need to have a new application that serves services to both applications. Then you can move the same code in both applications into the new application. On the result, codes containing the same logic are collected in only one place.
If I were to create two separate projects:
ASP.NET Core Web API project
ASP.NET Core MVC project
The MVC project would use HttpClient to talk to the Web API.
If this is the case and I wanted to use the built in ASP.NET Identity should I be doing it through the Web API or just keep it as part of the MVC project?
From the description of your question, it seems like you will end up protecting only 1 layer of your app.
Ideally, you would protect both. On the MVC application side you would want to do user authentication with ASPNET Identity (establish who wants to get information) and on the WebAPI side you would want to do resource authentication or client authentication to check if the caller of the API (app x) actually has the rights to call the API. The latter cannot be done through ASPNET identity. You would want something like Identity Server 4 or Azure B2C like products to achieve that.
Now, you could keep the API open & internal and just call it from HTTPClient in the MVC APP, but, I wouldn't do that if I were you. The only reason I can think of why you would want an API is, so that you can later use it from other apps, so, keeping the API open like that is not advisable.
If I were in your shoes, I would want to have a security framework around my applications and then proceed with giving applications the required access on the API to carry out needed operations.
I am a bit confused as to why there is no Individual User Accounts authentication option in the latest ASP.NET Core Web API template.
Is it still possible to implement individual user accounts the way that the MVC template does or would it not make sense?
Let's say I am creating a stand-alone web API that is going to have all of my business logic and data layer that accesses the database which has the AspNet Identity tables. I plan on making calls to this API w/ an MVC app.
I know one way of doing this is to create an asp.net MVC app w/ individual user accounts auth and simply build the API right within the MVC app using a controllers/api folder. However, I don't want to do it this way because I want the API to be its own standalone project that can be hosted on a completely different server and accessed by multiple applications, not just an MVC app.
Can someone lead me in the right direction on how authentication typically works in this scenario since there is no template?
Individual User Accounts authentication option for the ASP.NET Core Web API is available in .NET Core 2.0 Preview 1.
Unfortunately .NET Core 2.0 Preview 1 isn't available in VS 2017 release.
But you can install Visual Studio 2017 Preview (you can use it side-by-side with VS 2017 stable version) :
I think you can use IdentityServer4 which allows implementing single sign-on and access control for ASP .NET Core Web APIs using protocols like OpenID Connect and OAuth2. It offers integration with ASP.NET Core Identity and Entity Framework Core.
You will need to install to the following nuget package:
Install-Package IdentityServer4
and add the IdentityServer middleware to the HTTP pipeline:
app.UseIdentityServer();
You can find several quick start samples here or follow this article.
I am starting a new MVC project for one of my clients. They already have an iPhone app which is having most of the functionalities that I intend to do. And a web service exists. I do not have any database side work. My question is, I want to use the web service calls for authentication. But asp.net MVC is using Identity as default authentication. How do I tackle to use Identity with out much effort to call the web service for authentication?
I have several asp.net website projects for various sites.
Currently I want to add REST API's to these projects so I can start developing mobile apps (using HTML5/JavaScript/CSS3 and PhoneGap) that make use of these webservices.
Since WCF is far more powerful than regular asp.net webservices (among others with control over the service and authentication/authorization), I'd love to add these to my existing website project.
I did a Google search but cant find anywhere a step-by-step tutorial how this can be done. And also if there's any functionality I'd possibly loose when adding WCF functionality
I was also thinking of creating a new project specifically for WCF, but think I'd rather add it to an existing website project.
Can anyone help me with this?
Depending on exactly what your needs are and how your current web site is configured, there are two approaches.
If you are using a Web Site Project, then you should create your WCF service in a different application:
1) Create a new ASP.Net Web Application Project.
2) Add a new item to the project and select the type of WCF Service or WCF Data Service.
When you deploy this project, you will deploy it to your web server, but not as part of your web site since configuring the web.config will be a large manual effort.
If you are using a Web Application Project, then you could add the WCF Service directly to your existing project. However, I only recommend this approach if you are Silverlight applets within the web site that rely on the user's authenticated credentials.
WCF can be configured with a lot of bindings and it can be configured to return xml or json(.net 4.0). Try to create a wcf service configured to use basichttpbinding or wsHttpBinding and to format the response as json and use jquery to interact with the wcf service. This article might help you http://www.codeproject.com/KB/aspnet/Cross_Domain_Call.aspx