I want to implement authentication and authorization in my MVC and Web API projects.
For cross browser and mobile access, we are implementing Web API into our project. In our Views, we are using normal controllers. For data we are using API controllers. How can I achieve role-based access and authorization in ASP.NET MVC 5?
I have added the authentication tag to the web.config. When I run the application, I'm getting the following error:
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
Error Cod: 0x800700b7
Related
I have an asp.net core web application that using OpenIddict. It works fine and users can login.
Now I want to add web.api hosted on separate subdomain, but because the user is already authenticated I want to somehow share that authentication.
Is it possible? How can I do it? I see in the examples for OpenIddict user have to authenticate again, but I do not want that.
My Setup:
ASP.NET Core Web App: app.domain.com
OpenIddict server: login.domain.com
Web API .net Core App: api.domain.com (that is new requirement)
My web application has views that display data from controllers, I want to add extra javascript logic, and I can have web.api as part of the asp.net core domain: app.domain.com/api/
in that case, it works, the authenticated shared between web application and API,
but my goal is to have web.api on a separate subdomain: api.domain.com
I know I have to create a Bearer token, but it is not clear how to do it without authenticating the user again. So I want somehow share ASP.NET Core web application authentication to access api.domain.com
Can you please point me in the right direction? Where to start looking?
Hi to all of stack fans.
I have a question about web API token.
how can i prevent access to web API controllers that has [authorize]
by token that created by an other web API project?
i created two separate web API project.then i got a token from first web API
project after that i used that token to access second web API project.i successfully accessed to controllers of second project by token that created with first web API project.i want to prevent access to second web API controllers by first project created token.what should i do?
Creating simple asp.net core 2.0 web api application (RESTful services only) that uses windows authentication. In my controller I defined a simple test method which just returns the username (json format). When I used a restful client such as fiddler and invoke this method, e.g. http://localhost/webapi/testservice, I get a 401 Unauthorized error. However when I put that url in a Web browser, it invokes successfully and returns the user back.
My question is, why does invoking the service work on the browser but not in a REST client like Fiddler? Is there an additional header I need to add in the client when invoking the service?
I am new to Identity server and wants to secure my two apps (MVC, Webapi) using it.
I have seen the example where we can invoke the webapi from MVC action method and SetBearerToken that was issued to the the MVC application. I am referring the below sample:
https://identityserver.github.io/Documentation/docsv2/overview/mvcGettingStarted.html
This is typical example of server to server communication where we are using access token issued to the MVC app for Web api.
In the same scenario, I want to call webapi from Javascript client(fro ex Angular or any one) using same access token.
"I want to pass the the access token issued to the MVC application to call WebAPI from JavaScript"
How can I utilize the token that was issued to my MVC application from the JavaScript client?
Thanks
They should be treated as different client in my opinion, I guess they are different site? For your Javascript client you should be able to find example here , you can use the javascript lib that provided in the example or write one yourself
Once you get the token, then you can call your API using AJAX, where you might face CORS problem if your webapi is on a different domain, well...that is different topic.
Hope that helps
We are building ASP.NET MVC core web app and accessing data through ASP.NET Core Web API.
We have to give authentication and authorization to both MVC Core and Web API Core side.
If user is authenticated in MVC core web app then while accessing the data on web API core it is should not again authenticate. If user is directly accessing the web API then it should not allow and ask for authentication.
We also want to give authentication through Google.
For WebAPI I suggest token based authentication, Google support OAuth.
I suggest you take a look at the following link:
https://stormpath.com/blog/token-authentication-asp-net-core
There are some community-led efforts to build rich token authentication functionality for ASP.NET Core:
AspNet.Security.OpenIdConnect.Server – Similar to the OAuth Authorization Server middleware for ASP.NET 4.x.
OpenIddict – Wraps OpenIdConnect.Server up into an easier-to-use package that plugs into ASP.NET Identity.
IdentityServer4 – A port of Thinktecture IdentityServer3 to .NET Core.
All of them have sample MVC and API apps. Enjoy.