MVC application calling Web API application needing same user - asp.net-mvc

If I have an MVC application that has an authenticated user, and either from client-side JavaScript, or from an MVC controller, I wish to call a Web API that is in a different project to the MVC application, but use the same user credentials.
How would I go about this?
I am using the latest in VS2013 - MVC 5 with Web API 2. Currently to authenticate I am using forms auth.

Please refer the following link to solve your problem
Works fine for me
Web api authentication and MVC 4

Related

Looking for assistance with MVC Authentication with .Net Maui App

Currently I have an application that is running asp.net MVC 5 utilizing Owin.IAppBuilder for authentication. This was the standard authentication method when building mvc applications. This auth method connects to a SQL database and uses the standard aspNetUsers table method.
I am looking to start building a .net Maui mobile app. This .net Maui app I would like to allow existing and future users of my MVC 5 application to authenticate.
I researched many options but unsure the best method to start implementing. Does anyone have suggestions on what Path I should take?
If you want to use your own web service for authentication, you can use WebAuthenticator to achieve it.
For more information, please refer to: Web Authenticator | Microsoft

Can I use asp.net identity with MVC 5 where back-end is web API?

I have a web API which is written in java and on front end I am creating an Admin panel so to protect our restricted page I could use form based authentication however I heard that form based authentication has been deprecated(https://softwareengineering.stackexchange.com/questions/284380/is-formsauthentication-obsolete) from MVC 5 onward so Is there any alternative that I can use in this scenario?
You can install web api framework in mvc project with nuget. And install Microsoft.AspNet.Identity, Microsoft.AspNet.Identity.EntityFramework,
Microsoft.AspNet.Identity.Owin. So you can use identity in MVC framework.

How to share authentication between ASP.NET MVC and ASP.NET WEB API applications?

I am building an AngularJS MVC application, I need some guidance in terms of authentication. I am thinking of building the Authentication using the MVC authentication pipeline. AngularJS code will reside in the MVC application and the root SPA view would be a Razor cshtml. Here is my scenario -
Login page will call a Authenticate API that would return a token
AngularJS has the logic to get the bearer and pass to each of the API requests
There will be multiple ASP.NET WebAPI projects that will be hosted as subdomains.
I also need to call complex dynamic razor templates, this would need the authentication for the MVC controller that will return the razor views. Since MVC follows cookie based authentication, the token gives a 401 status code. How would this work wherein the authentication is shared between MVC and WEB API apps.
I think you would need to get your token from the API project, not the MVC in order to be able to securely call the API.
If you want to share identities across both the API and MVC projects, have them use the same database.
When getting the token from the API, you can get the identity details of the current user from your MVC application. At least, that is how I have done it in the past.
I blogged something along these lines here: http://blogs.msdn.com/b/martinkearn/archive/2015/03/25/securing-and-working-securely-with-web-api.aspx however this does not cover the step of using the creds from your MVC login and passing that to the API to get the token.
Hope that helps.

ASP.NET Web API + ASP.NET MVC + ASP.NET Identity + AngularJS

I am new to AngularJS. I need to develop a Web API (ASP.NET) which will be consumed by an Android, iPhone and a Web Application. I want to build the web application using ASP.NET MVC to use the built in routing and razor view engine.
The first problem I am facing is how to add security to my Web API and ASP.NET MVC in a way that they work together or use the same auth token (ASP.NET Identity). For example web application will display a login page to the user, AngularJS will send back-end login call to Web API and in return will get an auth token as ASP.NET Identity is being used on Web API side. Now whenever user requests a resource/view/html from web application (ASP.NET MVC), he/she should be authenticated and authorized first.
If my login call go through the ASP.NET MVC controller action and I create a FormAuthentication cookie on a successfull login, then how can I pass the Web API auth token to AngularJS in a secure way so that my angular controllers can call Web API methods for data manipulation using that auth token?
It would be great if someone could refer a blog/article with example.

ASP.NET Web API - Authetication in Windows Forms Application

I developed a web system using ASP.NET MVC 4 and I must perform an integration using .NET Web API and Windows Forms Application.
So far everything has been fine, but now I need to authenticate the users using Windows Forms Application and this application will be open on the internet.
My application already contains users that are registered in the database and currently are authenticated using the component 'Authorize' of ASP.NET MVC.
For data consumption through the client (Windows Forms Application) currently I use the library Microsoft ASP.NET Web Client API.
How can I accomplish this task safely?
Does anyone have any suggestions?
You can extend the HttpClient to add authentication. One example can be found here. It shows how to add a HttpMessageHandler into your pipeline for authentication using OAuth.
Here is the complete List of ASP.NET Web API and HttpClient Samples
Take a look at this Q&A which describes creating a custom AuthorizeAttribute for Web API that also authenticates the user using http basic security and grabbing the credentials from the HTTP header. Note that there is a different AuthorizeAttribute for ASP.NET Web API (System.Web.Http.AuthorizeAttribute) as opposed to the one for an MVC controller (System.Web.Mvc.AuthroizeAttribute). They have different behaviors. You do not want a call to a Web API being redirected to a logon page.

Resources