0

My question is based on ASP.net 5 and authentication. In particular, I'm trying to integrate OAuth (2.0) into my solution as my logon method (the users can either log on using OAuth if this is how they registered, or directly with my own app). Using the template for an ASP.net 5 web app, I've successfully achieved the above, but this isn't quite what I need.

I have an ASP.net 5 MVC app (app1) for my front end UI and an ASP.net 5 web api application (app2) for my REST services, serving data to the UI. Nothing new to this approach.

I want my MVC front end (app1) to have no Entity Framework references and no reference to things like Sign in manager (if possible). Just keeping it as simple as possible. I have a login screen and I want to present the option to log on via Facebook or Google OAuth accounts. Instead of using the nice code MS kindly provides out of the box when you start a new ASP.net 5 web app (hey, why make life easy!), I want to use my web api to do as much of the work as it can (I realise some things need to happen in app1 to make this work).

My goal is to keep my UI as simple as possible and offload complex functionality (business logic, database access and other things such as caching) to the web api app.

I'm having difficulties extracting the parts of the web app demo around OAuth and moving them into the web api, to utilise from app1. Has anyone managed to do this before? Is this a bad idea? Does anyone have a sample of this approach in the new ASP.net 5 MVC?

Thanks for advice in advance!

2
  • There is only one benefit to rolling your own authentication, and that is to learn that writing a decent authentication framework is best left to a team of other developers. Getting it right can be mind-bendingly tricky. Do you really want to be the next Ashley Madison? Commented Jan 20, 2016 at 0:05
  • Hopefully none of my work colleagues walk off with the database (as per your case in point). I've rolled my own authentication before in a very secure manner and I'm not against writing my own if I REALLY had to. However, if possible, I would like to implement any existing framework (this is definitely preferable to writing our own) but just over a web api manner as opposed to all existing in one ASP.net 5 MVC app (as per the template). I've a layered architecture and would like as much authentication that can be handled in the web api as possible. Commented Jan 20, 2016 at 0:20

2 Answers

2

We (that is, ASP.NET) recommend you look at Identity Server. v4 is now built on top of .NET Core. The OAuth components you see in templates for Facebook, Twitter et al. aren't suitable for using against a WebAPI; they're there for interactive, browser-based logins, not for JavaScript.

You would have your interactive app handle registrations as normal, then use Identity Server to issue a bearer token, pointing it to your identity database, and validate that within your WebAPI.

We don't recommend rolling your own.
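
An added example, not part of the answer above or of Identity Server's own code: how the WebAPI (app2) could validate the bearer token the answer describes. It uses the current ASP.NET Core JwtBearer middleware (package Microsoft.AspNetCore.Authentication.JwtBearer) rather than the ASP.NET 5 release-candidate API; the authority URL, audience name and routes are assumed placeholders.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Assumed placeholder: base URL of the token service. The middleware
        // downloads its discovery document and signing keys from here.
        options.Authority = "https://identity.example.com";
        // Assumed placeholder: the audience the token service puts in
        // tokens meant for app2. Tokens issued for other APIs are rejected.
        options.Audience = "app2-api";
        options.RequireHttpsMetadata = true;   // never fetch keys over plain HTTP
        options.MapInboundClaims = false;      // keep "sub" instead of remapping it
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,
            // Pin the signature algorithm so a token cannot pick a weaker one.
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 },
            ClockSkew = TimeSpan.FromSeconds(30) // default is 5 minutes
        };
    });

// Deny by default: every endpoint needs a valid token unless it opts out.
builder.Services.AddAuthorization(options =>
{
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .Build();
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Hypothetical endpoints: the identity comes from the validated token only,
// so app2 needs no cookies or sign-in manager and app1 needs no EF references.
app.MapGet("/api/profile", (ClaimsPrincipal user) =>
    Results.Ok(new { sub = user.FindFirst("sub")?.Value }));
app.MapGet("/health", () => "ok").AllowAnonymous();

app.Run();
```

With this in place app1 only has to forward the token in an `Authorization: Bearer` header; requests without a valid token get a 401 from app2 before any controller code runs.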

1

You can build a WebAPI app with membership manager using ASP.NET Identity. ASP.NET Membership is now called ASP.NET Identity.

From the link you will see how you can create a WebAPI app that will support all basic ASP.NET membership functionalities (log-in, register, etc).

Once you have WebAPI setup with your (custom) ASP.NET membership storage (DB is auto-generated once you run the app.), you are set up with a RESTful web layer with data access. You can also customize the storage provider. See here: Overview of Custom Storage Providers for ASP.NET Identity.

The ASP.NET website (www.asp.net) has all the necessary information sufficient to create all that you said from scratch. For integrations with Facebook or others, you can check out this link: External Authentication Services with ASP.NET Web API (C#)

3 Comments

Thanks for the info @joordan831. Does ASP.NET Identity work with ASP.net 5 as well? (I notice the post was created in 2013)
Yes, it does work with ASP.NET MVC 5. I worked with it in VS 2015.
ASP.NET Identity is the mechanism used for authentication in the default templates in Visual Studio web projects.
