I have an ASP.NET Core Web API app, which uses JWT for authentication.
The approach is standard for token-based authentication APIs. There is a resource to retrieve a token by user name/password. Every other resource requires a token to be passed in the Authorization header. This works as expected.
Now I need to write a Web UI app (Razor Pages), which will use my Web API for its business logic. I want to re-use the authentication approach: the Web UI user must be authenticated through the Web API. PageModel methods need to pick up the token somehow and pass it to particular Web API resources.
There's no need to add/remove/edit users in Web UI - there's another Web app (Angular), that does all these things.
Hence, the sequence must be like this:
- Open Web UI start page. If the user isn't authenticated (there's no token), redirect to login page;
- Login page. Fill user name/password, retrieve a token from API. Redirect to start page.
- Any other action: call PageModel method. Pick a token, pass it to Web API.
I looked at the Razor Pages app template with authentication, and also read the "Identity" section from the docs. I can't get how to glue all these things together: the docs samples are mostly based on Entity Framework (this is done inside my Web API). Even the customization section describes just another user storage.
I've tried to register custom user provider, role provider, and token provider to figure out how this works. It looks like it wants to calculate hash, verify it, etc - in other words, do what API does.
How do I implement the authentication approach described above? Are there any built-in techniques?
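
The three-step sequence above, expressed with ASP.NET Core's built-in cookie authentication and the API's JWT carried inside the cookie's authentication properties. This is an added example, not part of the original post; it assumes .NET 8, a token resource at `api/token` that returns `{"token": "..."}`, and hypothetical names (`api` client, base address, `api/values`, `TokenReply`), with the `.cshtml` views omitted:

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddRazorPages(); // added example: "api" client, URL and routes below are hypothetical
builder.Services.AddHttpClient("api", c => c.BaseAddress = new Uri("https://api.example.test/"));
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(o => o.LoginPath = "/Login"); // step 1: no valid cookie -> redirect to login
var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapRazorPages();
app.Run();

public record TokenReply(string Token); // assumed shape of the API's token response
[AllowAnonymous]
public class LoginModel(IHttpClientFactory http) : PageModel
{
    [BindProperty] public string UserName { get; set; } = "";
    [BindProperty] public string Password { get; set; } = "";
    public async Task<IActionResult> OnPostAsync(string? returnUrl = null)
    {   // Step 2: the API checks the password; this app only relays it and keeps the token.
        if (!ModelState.IsValid) return Page();
        var resp = await http.CreateClient("api").PostAsJsonAsync("api/token", new { UserName, Password });
        var reply = resp.IsSuccessStatusCode ? await resp.Content.ReadFromJsonAsync<TokenReply>() : null;
        if (reply?.Token is null) { ModelState.AddModelError("", "Login failed"); return Page(); }
        var id = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, UserName) },
            CookieAuthenticationDefaults.AuthenticationScheme);
        var props = new AuthenticationProperties();
        props.StoreTokens(new[] { new AuthenticationToken { Name = "access_token", Value = reply.Token } });
        await HttpContext.SignInAsync(new ClaimsPrincipal(id), props);
        return LocalRedirect(returnUrl ?? "/"); // LocalRedirect rejects off-site return URLs
    }
}

[Authorize]
public class IndexModel(IHttpClientFactory http) : PageModel
{
    public string Data { get; private set; } = "";
    public async Task OnGetAsync()
    {   // Step 3: read the token back out of the encrypted, HttpOnly auth cookie.
        var client = http.CreateClient("api");
        client.DefaultRequestHeaders.Authorization = new("Bearer", await HttpContext.GetTokenAsync("access_token"));
        Data = await client.GetStringAsync("api/values");
    }
}
```

The cookie's lifetime is independent of the JWT's expiry, so set `props.ExpiresUtc` from the token's expiry and sign the user out when the API answers 401.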