Create an ASP.NET REST Web API to authenticate users for multiple apps

Question

We are going to have multiple apps (an ASP.NET MVC website application and iOS, Android apps). We need all versions of our software to allow users to register and login, no matter what version of the app they are using. So I've been tasked with creating an ASP.NET Web API REST service that will register and authenticate users and return a token. As a web developer, I'll also be working on the MVC site that will call this web service. All the examples I see use Google/Facebook to authenticate users, but I don't want that. I want to use my web service instead, where the data for users will be stored in a SQL Server DB.

How do I go about creating this web service? Is there any sample code out there that does this? I don't care about Facebook or Google logins...our logins are internal only and should be stored in SQL. Please help! :)

Also, should the authentication web service be separate from the web service that returns report data within the consuming apps? I'd prefer the service to handle it all as the database will be the same.

Answer 1

Hi Here are some great links and hope it helps you:

http://www.asp.net/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server

http://www.codeproject.com/Tips/372422/Secure-WCF-RESTful-service-using-OAUTH

And also previously asked on StackOverflow: How to implement oauth2 server in ASP.NET MVC 5 and WEB API 2

Answer 2

There are multiple options for this.

1. using OpenAuth/OpenId
2. using SSO( single sign on)
3. Active Directory Federation Services (ADFS)
4. Centralized authentication (https://stormpath.com/blog/sso-vs-centralized-auth)

Refer this posts also

C# ASP.NET Single Sign-On Implementation

Step-By-Step: Setting up AD FS and Enabling Single Sign-On to Office 365