Calling C# Web API with windows authentication from external - asp.net-web-api2

We have an intranet site web app. It's angularjs on the front end and asp.net web api on the backend. Because it started out as internal it uses windows authentication. Now we want to create a true mobile web app and be able to call these web api's from outside our network.
Since it's outside I'm assuming windows authentication no longer works?
Is there a way to mimic this windows authentication from the client so the api's still work or is there something else that needs to be done on the web api to make them work both internally and externally? Any direction would be great!

Related

Windows Authentication in Blazor WASM

I am implementing a WebApp in our company's intranet with Blazor WebAssembly. I need to make API-Calls to our DevOps Server hosted in our intranet and need to use Windows Authentication to access the API. In the former used WPF Client it was enough to just add the UseDefaultCredentials-Flag on the HttpClient, but that does not work in WebAssembly anymore since the App is running in the browser. The Microsoft Docs state We don't recommend using Windows Authentication with Blazor Webassembly, but not recommend does not mean not support, so it has to be possible somehow, to attach the current App-User's Windows Credentials(Token) to the API Call. Unfortunately there exists no example on the docs page on how to implement this and I have not found any code on how to tackle this, although on some forums people wrote that it is possible, but did not include the How in their comments.
I am using .NET5 for both Server and Client and need to make the Api-Call with Windows Authentication from the Client, not the Server as most examples are using it, as my Server-Project uses the same User for all Requests but I need the User of the Client-Project.
Any kind of help is appreciated.

How to Make Server Side Authentication Secure with vb .net windows app?

m trying to make an VB .NET Windows Form app that authenticate to my website by POST request!
if user login info is valid it says "welcome" and application authentication is successful!
my website is coded with php + mysql!
problem is it is insecure and can be bypassed by many techniques..
HOW TO MAKE SECURE APP IN VB .NET that auth server side?
any method? please provide codes if possible!any code or
any other best language to make it most secure?
You can create an authentication function in PHP Web Service Class File .
And from your windows application, you can call the authentication function in that PHP web service .
Here is the sample link on how to create a web service in PHP : http://www.codeproject.com/Tips/671437/Creating-Web-Service-Using-PHP-Within-Minutes

ASP.NET Web API Authentication (Web + Mobile)

I'm designing a solution that involves ASP.NET Web API as the service layer plus clients for web, iOS and Android.
Web users should be able to log into the web site and do their stuff. I'm using Forms Authentication for this scenario.
Mobile users should use the REST API and I believe we need a different authentication mechanism here.
Assuming that a given ASP.NET MVC application can support only 1 authentication mode, do I need to create 2 separate applications, one as the web client with Forms Authentication, and one as the API, and host them separately?
Any advice would be appreciated.
You could do basic authentication for the service clients and combine that with your existing forms auth
http://leastprivilege.com/2012/10/23/mixing-mvc-forms-authentication-and-web-api-basic-authentication/

Creating a Web Proxy for Mobile Clients (HTML5 Web App)

I'm currently developing an HTML5 mobile web app for Blackberry using WebWorks that interacts with a 3rd party API.
Unfortunately i can't use the API directly from the mobile app due to the cross domain requests constraints, so i'm considering the development of a Web Proxy that interacts with the API and serves the web app.
Since I've never done such thing i would like to get some recommendations, i'm going to use Microsoft technologies (.NET) to achieve my purpose.
I'm thinking about a WCF service that makes all requests to the API and the mobile client connects to the WCF service to get the data, but i think i'll have the same cross domain requests limitation anyway so it might not work.
First, check with your third-party API provider if they support CORS. If they do, you can get around the same origin policy restrictions. Assuming they don't, you can create a facade service using ASP.NET Web API instead of WCF. ASP.NET Web API is designed from the ground up for creating HTTP services for broader reach and there is no SOAP involved.
From your ASP.NET Web API, you can make a HTTP call using HttpClient and simply pass the request to the third party API and echo the response back to your app. As you rightly said, the same origin policy restrictions will apply to this case as well but you have more control over the server side. You can implement CORS in ASP.NET Web API and that way your BB WW app can still call your web API despite being in different origins.

Forms Authenticated Web APIs and jQuery

I have an issue that I am seriously struggling with.
I have a website, and a separate WebAPI which I want to be able to authenticate against each other. I was thinking that forms authentication would be best here. However, on my website, how do I go about calling the forms authenticated webAPI via a jQuery AJAX call?
Does anyone have any links or suggestions?
There is a discussion in this blog post on mixing forms authentication and basic authentication in Web API. You may be able to leverage some the principles in this article although it was tested with the Web API's residing on the same server as the web application.
If you keep the Web API and web application on separate servers your web application will run into cross domain issues and will have to support JSONP in your Web API. A possible work around for your website is to create a Web API locally on your web server which is just a facade to the Web API on the remote server. You incorporate the standard security methods on the local Web API, using AuthorizeAttribute, which in turn just calls your the Web API on the remote server. You can incorporate whatever security method you want to have for external users on the remote Web API.