
I am using ASP.NET Web API 2 and developing an app which is to be hosted on an intranet. So the authentication needs are very basic / minimal. I have a custom table where I store registered users' usernames/passwords. Using that, I need to validate the user.

As far as I understand, OAuth is for using authentication from Google/Facebook/etc. Forms authentication is used with ASP.NET MVC. So what kind of authentication should I implement.

I have googled around, but all I found are OAuth examples. But how can I do a very basic/minimal authentication implementation?

I know it's a duplicate question, but it would be great if someone could guide me to a link which starts from the basics, like how to read the Authorize header, how to create/when to set IPrincipal, etc...

EDIT

There is no legal/regulatory requirement. Also, single sign-on or Windows login is not a choice. So I just need to stick with a simple table with username/password fields.

I just want to know the most basic way to include authentication/authorization in a Web API app.

harishr
  • Why not pop over to pluralsight.com and take a course on it? There are some good ones. – James World Nov 15 '14 at 10:11
  • Can you guide me... which course, or tell me the chapter to look at... – harishr Nov 15 '14 at 10:11
  • There are simply too many unknowns here that make this question too broad for this format. Most medium to large organisations would have an architect that can help you select an appropriate approach before learning about it. In most organizations, sticking a username/password in a table for a small custom application is usually a terrible choice and it becomes yet another burden on IT operations. Why not use Windows authentication or whatever Single Sign On your organization has? – James World Nov 15 '14 at 15:04

2 Answers

I recently answered a similar question, see here: https://stackoverflow.com/a/26757636/849507

Since you already have your own table with username and password, the first two parts are for you. You can ignore the angular parts.

MichaelS
  • There is no one way to solve this problem. It depends on so many factors, as such this simply doesn't answer the question. It also employs links, against SO guidance. The links provide a good answer to a different and far more specific question. The most important part is how to make an appropriate choice of authentication mechanism in an intranet scenario. – James World Nov 15 '14 at 13:34
  • As long as there is no Windows Authentication, there is no difference between internet and intranet authentication. I don't see your problem. Have you read his question? He asked for a link from which he can start... – MichaelS Nov 15 '14 at 13:40
  • I did read it. The key part: "So what kind of authentication should I implement." This is too broad a question. What if the company mandates something? Or if there are regulatory concerns? That is just a glimpse of the myriad factors that can affect this decision making. You've already made my point by bringing up the Windows question. This question needs an architect to answer, who would ask the important questions that need to be asked. In my opinion, jumping in with a specific approach here is naïve and could cost this guy and his company time and money. – James World Nov 15 '14 at 14:54

For future users: if you are looking for the most basic and simple implementation, please have a look at SimpleOAuthProvider as shown here. It's the most basic and simplest one to implement and uses token auth, which is good enough for most use cases.

Please do replace the AccountsController and AuthRepository with your custom implementations.

harishr
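
An added example (not from the post or the linked article) of a resource-owner password provider for the Katana OAuth middleware that validates credentials against a custom user table, which is the role the answer above gives to `SimpleOAuthProvider` with a replaced repository. `IUserStore` and its member are hypothetical, and the table is assumed to hold a PBKDF2 salt, hash and iteration count per user rather than the plaintext password.

```csharp
using System.Security.Claims;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

// Hypothetical store over the custom user table (assumption); returns false for unknown users.
public interface IUserStore
{
    bool TryGetUser(string userName, out byte[] salt, out byte[] hash, out int iterations);
}

public class SimpleOAuthProvider : OAuthAuthorizationServerProvider
{
    private readonly IUserStore _users;
    public SimpleOAuthProvider(IUserStore users) { _users = users; }

    // No client_id/client_secret is used in this setup, so every client is accepted.
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated();
        return Task.FromResult(0);
    }

    // Called for a token request with grant_type=password.
    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        byte[] salt, hash; int iterations;
        if (!_users.TryGetUser(context.UserName, out salt, out hash, out iterations) ||
            !Verify(context.Password, salt, hash, iterations))
        {
            // Same error for unknown user and wrong password, so user names are not disclosed.
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return Task.FromResult(0);
        }
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        context.Validated(identity); // claims go into the token; bearer middleware rebuilds the principal
        return Task.FromResult(0);
    }
    // Recomputes the PBKDF2 hash and compares it without an early exit on the first mismatch.
    private static bool Verify(string password, byte[] salt, byte[] expected, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations))
        {
            byte[] actual = kdf.GetBytes(expected.Length);
            int diff = 0;
            for (int i = 0; i < actual.Length; i++) diff |= actual[i] ^ expected[i];
            return diff == 0;
        }
    }
}
```

The provider is assigned to `OAuthAuthorizationServerOptions.Provider` in the OWIN startup class, and the token endpoint should only be reachable over HTTPS because the password travels in the request body.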