1

Currently we are developing a project that has Web API which will be consumed by both web application (Asp.Net MVC) and mobile apps (iOS and Android).

We are planning to implement oAuth in Web API to handle user authentication and authorization.

Usually we would go with ASP.NET Identity Framework if it is only a MVC application but since the authentication will be taken care in Web API, how do we maintain the user session in MVC?

Is using the Session Management still the standard way to do it?

We are planning to get the token from the Web API and save it in the MVC session to check if the user is authenticated or not? If I use the Sessions, do the [Authorize] attribute work the same way as it works when using ASP.NET Identity Framework?

Gopi
  • 5,656
  • 22
  • 80
  • 146
  • so can I confirm, do you want to have it so that if `user-A` is logged in to the mobile app, they are also automatically logged in to the web based (MVC) app? (Note: This isn't normal practice really) – scgough Jan 08 '19 at 12:49
  • @scgough Nope, That was not my intention. Since user is authenticated in Web API, I would like to know what is the correct way (if not Session) to maintain the user state in MVC. – Gopi Jan 09 '19 at 04:35

0 Answers0