Last post Jun 13, 2015 03:35 PM by Christy Piffat
Jun 09, 2015 06:23 PM|Christy Piffat|LINK
I have an MVC website that is calling a WebAPI in another project. The WebAPI uses OWIN and implements OAuth security. I will be using a Bearer Token to communicate between the MVC and WebAPI applications. My website requires the user to be in AD, which
I am checking in the GrantResourceOwnerCredentials method. If the user is authenticated, I would like to retrieve some information about them on the database and then pass that to the client for display on the website. I put this information in the ClaimsIdentity
as a new Claim since it is information that also grants permissions in the WebAPI.
This seems to be adding correctly to the ClaimsIdentity on the WebAPI. However, I cannot figure out how to retrieve this information on the MVC website. When I pull the ClaimsIdentity on the website, the only Claim present is the Username, which it retrieved
from the login form.
Is it not possible to pass information this way? Is there some other way I can send this information that would be available for authorization, as well as for display on the website?
Thanks in advance!
Jun 09, 2015 06:38 PM|BrockAllen|LINK
OAuth2 is not about authentication in the client application and you're now experiencing this. If you want authentication in the client app, you need a protocol for that like OpenID Connection (or WS-Federation).
Jun 13, 2015 03:35 PM|Christy Piffat|LINK
Thanks! I ended up combining the WebAPI and MVC parts together for now, making the call for the additional information in the Account controller, and putting the information in the Session storage. I know that the WebAPI and MVC are combined in the SPA
template, although I had hoped to keep them separate. If this project moves forward, I will definitely look into setting it up differently.