Last post Jul 12, 2014 01:13 AM by hanzalah
Jul 11, 2014 06:48 AM | hanzalah
I am working on a project where I have decided to divide business functionality into multiple services (i.e. multiple Web API projects) where each service will serve specific functionality with its own domain model.
In terms of project structure, I have 3 Visual Studio projects/sln.
1. Web-Api project for Booking (http://booking.testsite.com/api/...)
2. Web-Api project for Supplier (http://supplier.testsite.com/api/..)
3. AngularJS + ASP.NET MVC application (web application): a client application which will consume the above APIs
Both the Web API projects are using the same SQL Server database via EF.
For me, the problem is where to implement authentication. Should I create a separate service for authentication?
I am using token-based authentication in my booking Web API project, which works fine, but how can I use the same token to authorize supplier Web API actions and controllers, unless I implement an Account controller and IdentityUser in both projects?
Is there a way to implement this without duplicating the login mechanism in both the Web API projects?
I also thought about creating a third service (Web API project) just for authentication and calling the authentication service from the supplier and booking services, but I'm still not sure how it's going to work.
Any help would be appreciated.
If I have 3 API services (booking, supplier and authentication) and a user is trying to access a protected resource on the booking service by passing a token, can I call the authentication service by creating a custom authorize attribute and forwarding that token to my authorize service to check if it's valid? Also, I'm not sure how to implement a CheckToken sort of action in the authentication service's Account controller.
Jul 11, 2014 07:49 AM | dharnendra
Check the URL below, which gives you a better understanding of token-based authentication setup.
You can use both ways: in the case of 2 Web APIs and no separate authentication service, you will have to implement the token mechanism in both APIs; you can also use the other approach of having a separate authentication service and reference that service in both APIs for the token check.
Jul 11, 2014 10:00 AM | BrockAllen
For many Web API projects you most likely want a centralized service for your authentication. This is where an OAuth2 authorization service fits in -- it's sort of like a SSO server for web apps, but it's for tokens instead. Thinktecture IdentityServer is such an authorization server, and it's open source:
Jul 12, 2014 01:13 AM | hanzalah
I have started to get my head around Thinktecture IdentityServer.... I'm using the following endpoint to validate tokens which are passed into services (Web APIs) like booking and supplier.
My question is, what Web API endpoints can I use in my API consumer client application to authenticate (username + password) and also create a new user?
I tried the URL below but it didn't work.
Or I even tried
Not sure about registration... ?
Thanks for your help....
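
An added example, not part of any post in this thread and not IdentityServer's code or token format: a sketch of the centralized approach discussed above, where only the authentication service issues tokens and the booking and supplier APIs each validate the same token locally without their own login code. The names `SharedToken`, `Issue` and `TryValidate`, the `user|audiences|expiry` layout (which assumes user names contain no `|`), and the sample values are assumptions made for illustration; it targets current .NET (Core 2.1 or later).

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class SharedToken
{
    // Authentication service only: call after the username and password were checked.
    public static string Issue(byte[] key, string user, string audiences, DateTimeOffset expires)
    {
        string payload = user + "|" + audiences + "|" + expires.ToUnixTimeSeconds();
        string body = Convert.ToBase64String(Encoding.UTF8.GetBytes(payload));
        return body + "." + Sign(key, body);
    }
    // Booking and supplier APIs: validate locally, no user store or login code needed.
    public static bool TryValidate(byte[] key, string token, string audience, DateTimeOffset now, out string user)
    {
        user = null;
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return false;
        // Check the signature in constant time before trusting any field.
        byte[] expected = Encoding.ASCII.GetBytes(Sign(key, parts[0]));
        byte[] actual = Encoding.ASCII.GetBytes(parts[1]);
        if (!CryptographicOperations.FixedTimeEquals(expected, actual)) return false;
        string[] f = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0])).Split('|');
        if (f.Length != 3 || !long.TryParse(f[2], out long exp)) return false;
        if (now.ToUnixTimeSeconds() >= exp) return false;               // expired
        if (Array.IndexOf(f[1].Split(','), audience) < 0) return false; // not issued for this API
        user = f[0];
        return true;
    }
    static string Sign(byte[] key, string body)
    {
        using (var h = new HMACSHA256(key))
            return Convert.ToBase64String(h.ComputeHash(Encoding.UTF8.GetBytes(body)));
    }
}

static class Program
{
    static void Main()
    {
        byte[] key = new byte[32];       // constructed key, shared by all three services
        RandomNumberGenerator.Fill(key);
        DateTimeOffset now = DateTimeOffset.UtcNow;
        // Constructed sample: a token issued for the booking and supplier APIs only.
        string token = SharedToken.Issue(key, "alice", "booking,supplier", now.AddMinutes(30));
        foreach (string api in new[] { "booking", "supplier", "billing" })
            Console.WriteLine(api + " accepts: " + SharedToken.TryValidate(key, token, api, now, out _));
    }
}
```

With a shared HMAC key, any service that can verify a token can also mint one; an authorization server can instead sign with a private key so that the APIs hold only the public key.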