0

I have two projects - an MVC project and the other an API project. I have placed the login form and script in the MVC project and the back end is in the API project.

I have written the login form as below:

<form>
     <div class="form-group">
        <input type="email" class="form-control" id="email" placeholder="Username">
     </div>
     <div class="form-group">
        <input type="password" class="form-control" id="pwd" placeholder="Password">
     </div>
            <button id="buttonSubmit" class="btn btn-default">LOG IN</button>
</form>

The script for login submit when a customer has filled in the above form:

var user =
         {
              UserName:  $("#email").val(),
              Password: $("#pwd").val(),
              IsRemember: $(".customCheckBox").val() 
         }
$.ajax({
          type: "POST",
          url: "http://localhost:55016/api/ajaxapi/loginmethod",
          data: user,
          success: function (response) {
               document.cookie = "UserName = " + response.UserName;
          }
});

Then I have created session using API project as below:

[HttpPost]
[Route("api/ajaxapi/loginmethod")]
public UserValuesForLogOn AjaxLogOnMethod(UserValuesForLogOn user)
{
     HttpContext.Current.Session["authToken"] = user;
     return user;
}

After logged in I have called ajax post to get details as below, which is in the MVC project:

$.ajax({
        type: "POST",
        url: "http://localhost:55016/api/ajaxapi/caselistmethod",
        success: function (response) {
        }
});

Then I have written code in the API project to take session value as stored while login process:

[HttpPost]
[Route("api/ajaxapi/caselistmethod")]
public List<UserValuesForLogOn> AjaxCaseListMethod()
{
      userDetails = (UserValuesForLogOn)HttpContext.Current.Session["authToken"];
      return userDetails;
}

Both cookie and session values can't take in API project. Please help me. Is it possible to access session and cookie in a cross domain situation.

Thanks.

RickL
  • 3,318
  • 10
  • 38
  • 39
Arun D
  • 279
  • 3
  • 18
  • may be https://stackoverflow.com/questions/6080017/how-to-share-session-among-multiple-domains-on-single-asp-net-website it will helpfull for you – Karthick Rajan Jun 13 '17 at 10:08
  • Unclear what you’re asking; are you trying to set a cookie for `http://localhost:55016/` from your code that is “run” under a different domain? You can’t do that, only `http://localhost:55016/` would be allowed to set such cookies. If you want to let an external API handle your login - then you should be using some sort of access token for this (like OAuth2 does), not cookies. – CBroe Jun 13 '17 at 10:13
  • 1
    I don't think you will want to share session or cookie information across both your API and Web app. You should authenticate in the web app and pass a correct API key as a header value to the api for making sure they are authorized. – Derek Hackett Jun 13 '17 at 12:42
  • I have tried already but its not working.@DerekHackett – Arun D Jun 13 '17 at 12:46

0 Answers0