0

I currently have an asp.net Web API that uses identity authentication which an angular client then uses to authenticate users using an access token.

I want to have a another separate restful API that deals with the logic, crud operations etc side of things but I want this to have [Authorise] on the controllers to ensure it is secure.

enter image description here

What would be the best way to achieve this? Do I have to install identity on this logic API too?

Any help on this would be really appreciated.

DBoi
  • 627
  • 2
  • 17
  • 35
  • What’s the authorization method? jWT or Basic? – Hanjun Chen Nov 06 '18 at 16:23
  • Im currently getting an access_token from the identity api and using that to authenticate the user in a seperate angular 6 client, so basic setup i think – DBoi Nov 06 '18 at 16:30
  • I think a separate Auth API will create overhead? But each case is different – Hanjun Chen Nov 06 '18 at 16:32
  • The other API will be massively rowing so i was separating out the authentication so this could be maintained separately. Can you explain why this would create an overhead? Also, whats the best way to achieve this? – DBoi Nov 06 '18 at 17:01
  • I could be wrong but that’s another layer of HTTP communications, so there’s might be some overhead. – Hanjun Chen Nov 06 '18 at 20:47
  • Maybe try customizing the `[Authorize]` attribute, and call the Auth API instead of doing the default authorizations https://stackoverflow.com/questions/12629530/how-to-customize-asp-net-web-api-authorizeattribute-for-unusual-requirements – Hanjun Chen Nov 06 '18 at 20:50

0 Answers0