MVC5 Frontend authentication through WebApi - c#

I am developing a web application using MVC5 and WebApi2, but in separate solutions. I have created a WebApi using ASP.NET Identity, JWT using BearerTokens and user login/creation etc is working beautifully through Postman.
I do have some problems connecting to the web api through MVC though.
The thought is that the Web Api will be deployed to Server A, and the MVC Frontend will be deployed to Server B.
I therefore need to know how to contact and retrieve information from a Web Api through MVC.
I am hoping some of you clever minds have some links to some resources or have a simple answer to the connection part of it all. I would very much prefer using C# and not JS to retrieve the data. (Although if JS is the only way, then I guess I'm learning JS)

Related

Share Authentication tokens between ASP.NET Core MVC and Angular4 app

We currently have an ASP.NET Core MVC app in combination with IdentityServer4 for authentication. The user authenticates via IdentityServer (with the HybridAndClientCredentials flow) to ADFS before it has access to the MVC application.
The SignInScheme on the MVC client is set to the values "Cookies".
We would like to extend our MVC app to host multiple Angular apps. Sometimes even more than 1 Angular app per MVC view.
The Angular apps will call separate ASP.NET Core Web APIs on behalf of the user.
My question is: how do the Angular apps know that the user is already authenticated in the MVC application, retrieve the access token and call the APIs on the user's behalf?
I have been playing around with the solution Scott Brady came up with, but there seems to be no integration between the MVC app and the Angular app. The Angular app will try to authenticate to IdentityServer and expect a callback on a particular page.
I am looking for a way to share the access tokens between the MVC app and the Angular apps, but I am stuck. Any help is much appreciated.
If they have to sign in via the server-side hybrid flow already then the simplest way would be an endpoint in your MVC app that is cookie-secured that the client side app can call to get the access token.
Another approach is to use oidc-client-js and have the client side Angular app obtain its own token.
You could abstract this away from the client side app itself so it's easy to change the mechanism later if you need to. As it happens we use a combination of server side and client side flows and it works fine.
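The cookie-secured endpoint suggested in the first answer above, written out as an added example (not code from the original thread). It assumes ASP.NET Core 2.0 or later and `SaveTokens = true` on the OpenID Connect handler; the route `api/token` and the controller name are hypothetical.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Hypothetical controller in the MVC app. Only a browser that already holds the
// MVC authentication cookie gets past [Authorize], so the Angular apps reuse the
// server-side sign-in instead of running their own flow.
[Authorize]
[Route("api/token")]
public class TokenController : Controller
{
    [HttpGet]
    // The response carries a bearer token: keep it out of browser and proxy caches.
    [ResponseCache(NoStore = true, Location = ResponseCacheLocation.None)]
    public async Task<IActionResult> Get()
    {
        // Available only when the OpenID Connect handler was configured with
        // SaveTokens = true, which stores the tokens in the cookie session.
        var accessToken = await HttpContext.GetTokenAsync("access_token");
        if (string.IsNullOrEmpty(accessToken))
            return Unauthorized();

        // "expires_at" is stored next to the token; the client uses it to decide
        // when to call this endpoint again.
        var expiresAt = await HttpContext.GetTokenAsync("expires_at");
        return Json(new { access_token = accessToken, expires_at = expiresAt });
    }
}
```

The Angular code calls this endpoint with same-origin credentials and keeps the returned token in memory rather than in `localStorage`.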

Integrating IdentityServer4 to ASP.NET Core MVC and API

I have an ASP.NET Core MVC application that registers and logs in users using ASP.NET Identity by providing a registration/login form or using Google OAuth. Now we want to build a mobile application to use our API server (built with ASP.NET Core Web API hosted in a sub-domain of the website) but we want to have the same register/login flow in that too.
I dug around and found out that IdentityServer4 has the necessary features to support our needs and read its documentation, but unfortunately I couldn't make it work as I wanted to.
The scenario is that we have a Web Application, Web API and a Mobile application which all of them should use same register login flow which is to register and login in the application or use Google OAuth.
I appreciate if anyone can point me to a good documentation or sample code for both MVC client application and Identity Server (for authentication) with the same requirements.
If you take a look at the quickstart samples, it will give you a good place to start. That sample has MVC client using implicit flow for authentication against the identity provider. You can easily extend the controllers (like this one for example) with routes and code to do registration logic. This sample does external login using google for your convenience. For mobile you would probably want to use Hybrid grant/flow and depending on your platform/device google can help you find libraries to do this.
HTH

How Web API works together with ASP.NET MVC 5

I developed a website using ASP.NET MVC5 with Entity Framework and Microsoft Identity. Now I need to add Web API to this project for mobile app development using RESTful architecture. My questions are:
Do the API controller and MVC controller share the same request pipeline?
Can I separately implement the Cookie based authentication for website and the Token based authentication for Api?
If I deploy the website on IIS, does this mean Web Api will also be automatically hosted by IIS?
I will try to answer your questions:
No, they use different pipelines. For MVC check this document and for WebAPI this one. Basically MVC will use the same pipeline as previous ASP.NET implementations and Web API uses an OWIN-based model; however, since you host it on IIS, requests will still go through modules etc., but it's better not to rely on them. MVC and Web API pipelines merged in ASP.NET 5, where all of them use OWIN.
Yes, it's up to you how authorization will be implemented. You can even separate authorization for different WebAPI controllers: just create different authorization filters.
Yes, it will be configured with the OWIN implementation, but hosted on IIS.

Security between .NET MVC and WEB API

We are starting a project which will consist in:
Web project (ASP.NET MVC)
iOS app
and both will consume data from a .NET WEB API service.
The WEB API service will expose a POST method with the URL "user/create". But I don't know how I can prevent other apps from posting to this URL. I know I need a security protocol, but I wanted to know which one you recommend and, if you have one, an article where it is explained.
Thanks
Web API 2 provides OAuth authentication. You will need to get a token from the token endpoint of Web API and pass that token in subsequent requests.
You should find a lot of online resources if you search for Web API 2 OAuth.
We did something similar recently using OWIN OAuth 2.0 Authorization Server
Reference this ASP.NET page for details. Sample code is included as well for several different implementations.
For our purposes, we used the Client Credentials Grant section about half-way down the page. Our implementation involved server-server OAuth (Web API to MVC), but I bet it's pretty similar to have iOS connect. The only thing I would caution is to somehow encrypt the login credentials on the iOS side, and I'm sure there is a way to do that.
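An added sketch of the server-to-server Client Credentials Grant described in the answer above (not the poster's code): the MVC side fetches a token from the Web API's token endpoint, caches it until shortly before expiry, and sends it as a bearer header. The class name, the URLs passed in, and the API accepting `client_id`/`client_secret` as form fields are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Newtonsoft.Json.Linq;

// Hypothetical helper for the MVC project; load the client secret from protected
// configuration rather than hard-coding it.
public sealed class ApiClient
{
    private static readonly HttpClient Http = new HttpClient();  // one shared instance
    private readonly Uri _tokenEndpoint;
    private readonly string _clientId, _clientSecret;
    private volatile Tuple<string, DateTimeOffset> _cached;     // token + expiry, swapped together

    public ApiClient(Uri tokenEndpoint, string clientId, string clientSecret)
    {
        // The secret travels in the request body, so refuse anything but TLS.
        if (tokenEndpoint.Scheme != Uri.UriSchemeHttps) throw new ArgumentException("HTTPS required.");
        _tokenEndpoint = tokenEndpoint; _clientId = clientId; _clientSecret = clientSecret;
    }

    private async Task<string> GetTokenAsync()
    {
        var c = _cached;
        if (c != null && DateTimeOffset.UtcNow < c.Item2) return c.Item1;
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "client_credentials",
            ["client_id"] = _clientId,
            ["client_secret"] = _clientSecret
        });
        using (var resp = await Http.PostAsync(_tokenEndpoint, form).ConfigureAwait(false))
        {
            resp.EnsureSuccessStatusCode();
            var json = JObject.Parse(await resp.Content.ReadAsStringAsync().ConfigureAwait(false));
            // Renew 60 s before the stated lifetime ends; assume 5 minutes if none is given.
            var expires = DateTimeOffset.UtcNow.AddSeconds(((int?)json["expires_in"] ?? 300) - 60);
            _cached = c = Tuple.Create((string)json["access_token"], expires);
            return c.Item1;
        }
    }

    public async Task<string> GetAsync(Uri apiUrl)
    {
        var req = new HttpRequestMessage(HttpMethod.Get, apiUrl);
        var token = await GetTokenAsync().ConfigureAwait(false);
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        using (var resp = await Http.SendAsync(req).ConfigureAwait(false))
        {
            resp.EnsureSuccessStatusCode();
            return await resp.Content.ReadAsStringAsync().ConfigureAwait(false);
        }
    }
}
```

A controller action would hold one `ApiClient` per API (for example as a singleton) so the cached token is shared across requests.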
So you want the WebAPI to only be used by the MVC page? The best architectural method is to separate the two rather than leave both in one project. Why? Because the MVC app is an experience layer for humans. The WebAPI is an experience layer for the MVC app. Move it back where it can't be accessed.
You can add on tokens, etc, but the MVC app sits on the server, but is accessed on the client computer. The wider the scope of the application (ie, intranet or internet or something in between?), the more difficult the problem and the harder it is for your users to access the application. Moving the WebAPI internal and leaving the MVC app exposed guarantees external users cannot use the API.
The main reason WebAPI and MVC exist together in a single project (still a mistake in most instances, IMO) is you are exposing both to the same audience. If that is not your intent, don't do it.

Kendo + Web Api vs. MVC vs. Web Service Where to go?

I'm just starting a project where I would like to use Kendo UI (based on jquery) with C#. A few weeks ago I was successful in handling requests using Web Services (asmx), was pleased with the results and performance, and was able to create forms quickly.
Since this is a new project, I thought I could look into different concepts such as MVC and WebApi. I found MVC to be the most complicated so I went for WebApi and started playing with controllers and requests. So far what I'm finding (don't judge me, I'm new to these new concepts), is that Web Service seems to be simpler and more flexible.
So I guess what I'm looking for is... what are the main advantages of using MVC vs WebApi and even vs Web Services. Are there any downsides to Web Services? Would it be a bad practice to have my data layer controlled by Entity Framework, all models defined, and my requests handled by Web Services?
Any clarifications are welcome. Thank you.
In a broader sense, Web API is used to create Web Services! It uses HTTP as its standard for creating services (instead of SOAP like in asmx) as it's more open and any type of client like a mobile app, desktop app, web app etc will understand the HTTP protocol. Another advantage is that you can easily use JavaScript/jQuery to communicate with your Web API. With SOAP web services, it's a nightmare!
Kendo UI and Web API is a great combination. We have recently created a mobile iPad app using this combination and it worked like a charm. We also used Entity Framework with oracle as back end DB and it never gave any issues.
Webservices are nice if you have the need for it. A need as in needing that logic/data in more than one different type of application (such as web, and a mobile app, and a desktop app). (Or if you want to sell the service you're providing)
Using a webservice for ONLY a website which you don't expect to expand to other things is complete overkill.
Furthermore, the MVC framework and the Web Api framework are pretty similar except web api is used exclusively for webservices. Coding in both of them will be the difference between white bread and wheat bread.
