0

I have an asp.net mvc project that contains some web API controllers.my mvc area and pages are authenticated via form authentication. API controllers should be consumed from native android client I need to register deice and authenticate them for some API's. I searched and seen some web api example used token authentication but here how can i merged both token and form authentication for different request? how can i customize my security configuration to generate token and authenticate api requests?

here is Startup.Auth class:

 public void ConfigureAuth(IAppBuilder app)
    {

        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>        (ApplicationUserManager.Create);
        app.CreatePerOwinContext<ApplicationRoleManager>(ApplicationRoleManager.Create);
        app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

               // Configure the sign in cookie
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.  
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
            }
        });
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
        app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));

        // Enables the application to remember the second login verification factor such as phone or email.
        // Once you check this option, your second step of verification during the login process will be remembered on the device where you logged in from.
        // This is similar to the RememberMe option when you log in.
        app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie);

}

Seifolah
  • 341
  • 3
  • 14
  • Your app is using cookie authentication, for web api you would probably need to wire it up to use Token Authentication. I haven't seen the new MVC template with individual account control but here are some links to how-tos. http://satvasolutions.com/combine-asp-net-identity-web-api-and-mvc-best-in-a-single-web-app/ http://blog.iteedee.com/2014/03/asp-net-identity-2-0-cookie-token-authentication/ http://stackoverflow.com/questions/32161429/combine-the-use-of-authentication-both-for-mvc-pages-and-for-web-api-pages – Bill Jul 22 '16 at 21:15
  • Thanks @Bill .This works for me http://blog.iteedee.com/2014/03/asp-net-identity-2-0-cookie-token-authentication/ [link](http://blog.iteedee.com/2014/03/asp-net-identity-2-0-cookie-token-authentication/) – Seifolah Jul 24 '16 at 07:25

0 Answers0