3

Background: - Using Web API in a Web Forms app with ASP.Net 4.0/C# using VS 2012 - Some pages will use Web API calls with JQuery, others will use web forms postbacks

Need to do the following:

  • Have user login with username/password
  • Validate credentials with SQL Server DB
  • Generate token back to client
  • Have client use token to authenticate on future API requests
  • Maintain user session regardless if using Web API or web form postback

What I'm not clear about is:

  • How to generate token using Web API
  • How to validate the token server-side on each call (store in SQL Server?)
  • How to maintain user session with a mix of Web API/web form postbacks
Kara
  • 6,115
  • 16
  • 50
  • 57
user2966445
  • 1,267
  • 16
  • 39

1 Answers1

1

I have used Thinktecture IdentityModel from http://thinktecture.github.io/. It is a great library which includes token generation.

This is the original article I referred to when I was implementing it

http://ben.onfabrik.com/posts/dog-fooding-our-api-authentication

I also did some write up on my blog if you are interested

http://sunilrav.com/post/Enable-Basic-Authetication-in-Aspnet-webapi-using-ThinktectureIdentityModel

http://sunilrav.com/post/Enable-CORS-in-Aspnet-webapi-using-ThinktectureIdentityModel

This post helped me when I was doing my research

REST service authentication

Community
  • 1
  • 1
sunil
  • 5,078
  • 6
  • 28
  • 33