I have an existing WEB API 2 project with JWT authentication.
how I merge my WEB API application so it's similar like Administration project.
the route will be something like localhost/api/[myApiRoute]
I know there's an alternative way using plugin, but I got a dead end implementing JWT and my customization handler.
So I ended up by adding a Web API to NOP.WEB project.
The steps I needed to perform were:
Add Web API Packages
(How to add Web API to an existing ASP.NET MVC 4 Web Application project?)
Add OWIN Packages
(http://bitoftech.net/2014/10/27/json-web-token-asp-net-web-api-2-jwt-owin-authorization-server/)
Configure the Startup.cs
now you can use [System.Web.Http.Authorize] attribute to authorize your API using OWIN Authentication.
I also add new folder called API and put all API files there (Controller, Models, Provider, Handlers, etc.) so it would easy to maintain.
For API routing, I'm using Attribute Routing (http://www.asp.net/web-api/overview/web-api-routing-and-actions/attribute-routing-in-web-api-2). you can add config.MapHttpAttributeRoutes() at Startup.cs
Related
The document provides a scaffold way to use identity system but with razor pages. I've realized basic login/logout with razor components and API controller way. The form is built in razor components, and when submitting, it's posted to controller or just navigate to controller. Can anybody provide a sample of Microsoft external login using razor components and API controller?
If you are looking to implement a SAML or OAuth Login you just need controller endpoints to initiate the sign in and to handle the redirect from the identity provider.
If you are using Blazor Server you can map controllers using app.UseEndPoints method. See this answer. How to add controller (not view) support to a server-side Blazor project
If you are using Blazor Wasm you would just map these endpoints in your service layer. If you use the ASP.NET Core hosted template the controller mapping should already be setup for you.
One you have controllers enabled you would need to setup the keys and redirect urls with the identify provider. Each identity provider usually has some of portal for setting this up. For example Azure AD would do this with an App Registration.
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/auth-saml
https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
You would then use parameters from this registration to build the redirect to and from the provider, validate the token and either store it or generate an application specific cookie or token for your application to use.
If you are planning on using SAML either of these two libraries are very good at taking care of the internals of token validation.
https://www.nuget.org/packages/Sustainsys.Saml2.AspNetCore2
https://www.nuget.org/packages/ITfoxtec.Identity.Saml2.Mvc
This post for Itfoxtec's library has some good examples of the ASP.NET core configuration and endpoints required.
https://www.itfoxtec.com/IdentitySaml2
Admittedly, I am new to creating RESTful services. I have created a new ASP.NET Core Web API project. I have the main part of the REST service created, but I need to add authentication. For this app, I cannot use Microsoft's Identity package.
I have found a JWT Authentication article that seems to work well for me, but it's implemented as a console program--there's no information on how to wire it into a Web API project (facepalm). JWT Authentication using C#
I have done a lot of looking on the net, but I can't seem to find what I need.
Any suggestions will be appreciated.
I'm looking for a way to do token authentication for the Web API controllers I have created within an MVC 5 application (I need a way to do it without creating a separate Web API project within the solution). My endpoints are in the Controllers folder at the project level and the controller types are Web API 2 Controllers. How can I generate a token for a user that logs in on the mobile application that uses the Web API and use that token for the endpoints that are contained in the API?
I developed a website using ASP.NET MVC5 with Entity Framework and Microsoft Identity. Now I need to add Web API to this project for mobile app development using RESTful architecture. My questions are:
Does Api controller and Mvc controller shares the same request pipeline?
Can I separately implement the Cookie based authentication for website and the Token based authentication for Api?
If I deploy the website on IIS, does this mean Web Api will also be automatically hosted by IIS?
I will try to answer your questions:
No, they using different pipeline. For MVC check this document
and for WebAPI this one. Basically MVC will use same pipeline
as previous ASP.NET implementations and Web API using OWIN based
model, however since you host it on IIS request still will go
through modules and etc., but it's better not to relay on them. MVC
and Web API pipelines merged in ASP.NET 5, where all of them uses
OWIN
Yes, it's up to you how authorization will be implemented. You can
even separate authorization for different WebAPI controllers: just
create different authorization filters
Yes, it will be configured with OWIN implementation, but hosted on
IIS
I'm moving some MVC code to Web API and I need to update my custom ModelValidatorProviders. It seems as though my validators can stay much the same only they should inherit the System.Web.Http.Validation namespace.
What I can't figure out is how to add the provider to Web API. When using MVC I can just add the following to my global.asax:
ModelValidatorProviders.Providers.Add(new CustomModelValidatorProvider());
How do I use the custom provider with Web API?
This page Configuring ASP.NET Web API helped me answer my own question. Specifically this is what I ended up doing:
GlobalConfiguration.Configuration.Services.Add(typeof(ModelValidatorProvider), new CustomModelValidatorProvider());