0

I already have an ASP MVC web application with authentication and authorization.

and now I am working on an android application which will perform almost the same thing as my web application does.

I can use my ASP MVC web application to return json data to my android application, but as I've searched a lot and I was suggested to use Web API for android application.

my question is does it worth to make a dedicated web API with Authentication and Authorization (coz ASP MVC's Authorization is different from Web API's).

Please advice me, would it be any problem if I kept using my ASP MVC web application as json API for android application ?.

Hisham Aburass
  • 606
  • 1
  • 8
  • 15

1 Answers1

1

you can use an MVC application, you can have some controllers which return JSON data only and call those from anywhere. You still need to authenticate the access to them when you call them from another app though.

Your other option would be to rework your architecture a little. Create a proper WebApi, sort out the authentication to it. Once you do that, you can call it from both your MVC and any other app that you have, the same way. This way you keep things consistent and your data comes from one place.

If you call your MVC controllers from another app you are basically putting the pressure on the MVC app which now needs to serve an external app as well. Too many calls will then affect the performance of your MVC app.

It's much easier to scale an API properly instead.

I prefer to add JWT security to my APIs. Then your MVC app becomes a client, the mobile app another client, if you need to add some user information, you can, you can also add extra claims to your tokens if and when needed.

Have a look here :

https://jwt.io/introduction/
https://devblogs.microsoft.com/aspnet/jwt-validation-and-authorization-in-asp-net-core/

I used IdentityServer 3 7 4 with good results in the past: https://github.com/IdentityServer/IdentityServer4

Andrei Dragotoniu
  • 6,155
  • 3
  • 18
  • 32