1

I have the following setup.

2 mobile apps communicating with an asp.net web api 2 project and they use Token Authentication. Each mobile client stores the token client side, never username and password.

I then have my web portal hosted on an asp.net mvc 5project which uses standard cookie authentication.

Now in some cases my mobile apps needs to load webpages from the mvc 5web portal. For example our payment gateway page. But the client needs to be authenticated in order to load this page.

At the moment when we show the user a web wrap of out web portal. It asks them to login again. This is very bad UX.

How can I authenticate the client on the MVC site, using my web api Token

I'm imagining a function like this in the MVC site:

pubic Action LogInWithToken(String token)
{
var user = GetUserFromToken(token);
var isAllowed = AuthenticateUserFromToken(user,token);
if(!isAllowed) return 401;
return CreateCookieForUser(user);
}
Improve this question
3
  • You can use custom authorization attribute where you can check the request data and if token exist then validate the user. Check here and search in this regard. Commented Jun 19, 2017 at 5:45
  • 1
    Possible duplicate- stackoverflow.com/questions/38661090/… Commented Jun 19, 2017 at 5:50
  • @SivaGopal yes I can do that. but how do you decrypt the token? I still need a way to take the string token and get the user and time stamp from the token. Commented Jun 19, 2017 at 16:04

1 Answer 1

Reset to default
1

Is the Web Api 2 application hosted in the same machine as the MVC 5 application?

If they are, you can manually deserialize the token to get the id of the user. See Extract User details from web api auth token in MVC.

From there, you can sign in the user in CookieAuthentication automatically.

If they are hosted in different machines, however, you would have to specify the same machine key in the projects' Web.Config files.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

They are hosted on azure web service, design wise I would like them to be able to scale horizontally so I dono want to rely on them being the same machine. The link u sent requires us to change the API token to use JWT. How can I do it with using the standard API token.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.