asp.net mvc - MVC to WebAPI authentication for the same application -

-

i'm building website have mvc side , data webapi backend of our own, hosted on different server (or on azure). we're going use forms authentication.

since want users need log-in once (to mvc website), recommended way transparently authenticate users webapi backend same information entered on mvc forms authentication login?

since authentication works based on cookies, best way call webapi authentication action/method on login action of mvc app, auth cookie webapi , use on every call webapi end?

any guidance appreciated

gr7, can't i've ever attempted doing.

let me point out bothering me idea, , how think can make work.

you have asp.net mvc application running on 1 web server, , asp.net webapi application running on server. want use cookie 1 on other. how cookie mvc application valid webapi app? if username , password of user same on both systems, cookie generated 2 different applications not same it? clear, i'm not 100% sure it, suspicion.

here basis suspicion - let's run asp.net mvc application on azure cloud, , have load balanced (meaning have multiple instances, each running on different physical machine). user connects website, , authenticates on instance. navigates page on website, , load balancer ends sending him page on instance. believe required reauthenticate in case, since cookie not valid, though exact same mvc app. solution situation set same machine key on machines.

this discussed on msdn here: http://msdn.microsoft.com/en-us/library/eb0zx8fc(v=vs.100).aspx

and microsoft kb article: http://support.microsoft.com/kb/910443

there stackoverflow articles discussing this: does forms authentication work web load balancers? , .net forms authentication in azure - changes required multiple vms?

so guess should able set machine key same on both web servers, , pass cookie mvc application webapi application in order not make user authenticate twice. correct me if wrong.

the other solution hold on 2 cookies, 1 mvc app , other web api. need figure out store webapi cookie - since asp.net works in stateless manner, every time user clicks on different mvc page totally new transaction. maybe want users browser store both cookies. first time authenticates, authenticate him on mvc application, , webapi application, using same username , password, , send both cookies him (the mvc cookie automatically go him of course). each time navigates differnt page, both cookies sent mvc application, , have take 1 of them , call webapi application it. may need make sure both cookies not have same name (by default both aspxauth). can change name of mvc cookie in web.config using

<authentication mode="forms">   <forms name="myauthcookie" loginurl="loginpage.aspx" /> </authentication>

that should allow store 2 cookies on user's browser , distinguish between them. i'm assuming both mvc , webapi on same domain, otherwise browser won't accept webapi cookie (or atleast won't pass in subsequent requests).

if answer helps, please vote, have barely rep :)

======================================

edit - adding in reply question below - wanted know how take cookie webapi gives mvc app, , return user's browser. start sending http post request credentials webapi mvc app, clear on everything.

let's use json send login information part of http request web api server mvc app. crate model in models folder of mvc app this:

using system; using system.collections.generic; using system.linq; using system.web;  namespace sitterwebsite.models {     public class myjsonloginmodel     {         public string username;         public string password;         public bool rememberme;     } }

then in login() method in actioncontroller.cs, can add make request 

string loginapibaseaddress = "http://mywebapiurl.com/"; string loginapiaddress = "api/accountapi/signmein";  myjsonloginmodel mydatamodel = new myjsonloginmodel() {         username = "gary",         password = "password",         rememberme = false, };  // create json formatter. mediatypeformatter jsonformatter = new jsonmediatypeformatter();  // use json formatter create content of request body. httpcontent content = new objectcontent<myjsonloginmodel>(mydatamodel, jsonformatter);  // going return cookie received web api controller browser // obtain http post request webapi in form of cookie object // need convert httpcookie object cookie cookietosendback = new cookie();   // cookie of type system.net.cookie httpcookie httpcookietosendback = new httpcookie("will_name_later");   // cookie of type system.web.httpcookie   // create new cookie container.  // attach cookie container http request // web api auth cookie automatically put container cookiecontainer cookie_container = new cookiecontainer();  httpclienthandler handler = new httpclienthandler(); handler.cookiecontainer = cookie_container; httpclient loginclient = new httpclient(handler);  // set base address of client loginclient.baseaddress = new uri(loginapibaseaddress);  // set web api address of client uri loginapiaddressuri = new uri(loginapibaseaddress+loginapiaddress);  // send http post request httpresponsemessage response = loginclient.postasync(loginapiaddressuri, content).result;   cookie mycookie;  if (response.issuccessstatuscode)  {      // let's access cookies cookie container since automatically populated     // cookies returned our http request (ie. cookies in http response).       ienumerable<cookie> responsecookies = cookie_container.getcookies(loginapiaddressuri).cast<cookie>();      foreach (cookie cookie in responsecookies)     {     if cookie.name.equals('.aspxauth')         cookietosendback = cookie     }      // want return cookie users browser     // httpcontext.response.cookies.add() method needs httpcookie object, not cookie object     // need convert cookie httpcookie     httpcookietosendback.name = "garycookie"; // changing name since both mvc , webapi name cookie .aspxauth     httpcookietosendback.value = cookietosendback.value;     httpcookietosendback.path = cookietosendback.path;     httpcookietosendback.expires = cookietosendback.expires;     httpcookietosendback.domain = cookietosendback.domain;       // note - if domain of webapi different mvc app, might want change in     // above statement, otherwise browser either not accept cookie domain, or     // not pass mvc app in next request      this.controllercontext.httpcontext.response.cookies.add(httpcookietosendback);  } else {     // http post webapi failed }

so when go login page , type out credentials , hit submit, not mvc cookie get, webapi cookie. named "garycookie" per code above. everytime go page on website, browser request page , send both cookies mvc app. if wish call other webapi methods, need reverse of have done, meaning take modified webapi cookie "garycoookie" , rename was. , send headers when making or post request on webapi methods.

you should set domain of cookie match of mvc if webapi , mvc app not on same domain. otherwise browser not send cookie mvc app if request page.

and way, tested of now, works.


Comments

Post a Comment

Popular posts from this blog

Perl - how to grep a block of text from a file -

-
it can in xml or text format. how in general grep block of text in perl? <track type="ws"> <range> <rangestart>0</rangestart> <rangeend>146.912</rangeend> <locationindex>0</locationindex> <propertyindex>0</propertyindex> </range> </track> <track type="ps" id="1"> <range> <rangestart>0</rangestart> <rangeend>146.912</rangeend> <locationindex>1</locationindex> <propertyindex>1</propertyindex> </range> </track> i want grep type="ps" , till </range> . one solution open file, read line line , match block. open(fh, "file.txt"); foreach $line (<fh>) { if ($line =~ m/type="cc"(.*?)<\/range>/) { print $1; } } but there more optimal solution without reading file line l
Read more

delphi - How to remove all the grips on a coolbar if I have several coolbands? -

-
Image
if set mycoolbar.fixedorder true,only grip on first band hidden. well,if use delphi 7 create vcl forms application,then put coolbar on , create 3 coolbans hold other controls,only grip , top coolbands can hidden setting mycoolbar.fixedorder:=true. i've uploaded picture make things clear. you got fixedorder property wrong. fixed property not allow bands rearranged if set true . setting property of coolbar true keep user changing bands order @ runtime, user can still move , resize bands. can give advice can do, actual solution problem, well, have wait answer. my advice use 3 coolbars in row , setting "fixedorder" property true , bandborderstyle bsnone . way grip hidden on of them. about property, it's not bug of ide, actual preference of property.
Read more

javascript - Animating array of divs; only the final element is modified -

-
this baffling me @ moment. i'm experienced programmer looking throw bit of surprise fiancee on countdown page our wedding. desired effect simulated confetti falling behind main page. setup follows: i have array of divs in javascript. each div absolutely positioned on page. have interval set updates every 50 or milliseconds. on each tick, run loop on array of divs, , calculations , update positions. problem problem having, however, though can see divs created, stored array, , modified (in case, each has slight randomized rotation) during initialization phase, once tick update position starts, div stored in whatever last slot of array gets position updated. tried hard-coding each div index testing purposes, strictly last element update position. upon printing current "left" , "top" style values each div before , after calculations shows value has been changed, no visible change noticeable. here's basic code: javascript var container;
Read more