ASP.NET Web API + ASP.NET MVC身份验证
[英]ASP.NET Web API + ASP.NET MVC Authentication
问题描述
I am having question around authentication/authorization. 
我对身份验证/授权有疑问。 Here's my application set up. 这是我的应用程序设置。 Application 1 : ASP.NET MVC application which is served using browser. 应用程序1:使用浏览器提供的ASP.NET MVC应用程序。 Application 2 : same functionality is served using hybrid mobile app, which is using ionic + angularjs on client side(app) and ASP.NET Web api on server side. 应用程序2:使用混合移动应用程序提供相同的功能,该应用程序在客户端(app)上使用ionic + angularjs,在服务器端使用ASP.NET Web api。
Now, both application have same user base and both need a common authentication/authorization module. 现在,两个应用程序具有相同的用户群,并且都需要通用的身份验证/授权模块。
I have went through internet and found many good article which explains authentication with each application individually. 我已经通过互联网找到了很多很好的文章,它解释了每个应用程序的认证。 I am clear to the point where I need to use token based authentication with OWIN middleware. 我很清楚我需要在OWIN中间件中使用基于令牌的身份验证。
But I am not quite sure about how to implement common authentication module for both application. 但我不太清楚如何为这两个应用程序实现通用身份验证模块。 I am planning to have single hosting for ASP.NET MVC application and ASP.NET web api (back end part of app). 我计划单独托管ASP.NET MVC应用程序和ASP.NET web api(应用程序的后端部分)。 How can I have common Authentication controller which is shared between both? 如何在两者之间共享通用的身份验证控制器?
If I host both separate, I will have seperate AccountController for each(derived from "Controller" for MVC and derived from "ApiController" for WebAPI). 如果我分别托管两个,我将为每个单独的AccountController(从MVC的“Controller”派生,从WebAPI的“ApiController”派生)。 But not sure, how can i merge this controller to have common authentication module in my solution 但不确定,如何合并此控制器以在我的解决方案中使用通用身份验证模块
Am I in right direction with hosting both together? 我是否在正确的方向与托管在一起? Or any other best practice i need to follow? 或者我需要遵循的任何其他最佳做法?
Thanks 谢谢
1 个解决方案
解决方案1
0 2018-08-03 20:38:33
Make one project that has MVC + API controllers. 制作一个具有MVC + API控制器的项目。
MVC controllers will implement cookie-based authentication (they get auth ticket from cookie) and will be used to serve your mvc site. MVC控制器将实现基于cookie的身份验证(他们从cookie获取身份验证票证)并将用于为您的mvc站点提供服务。
API controllers will implement header-based authentication (they get auth ticket from header) and will be the back end of your Angular app. API控制器将实现基于头的身份验证(他们从头部获取身份验证票证),并将成为Angular应用程序的后端。
Both MVC AND API controllers will access a class that gets the ticket and implement authentication/authorization logic specific to your needs. MVC和API控制器都将访问获取故障单并实现特定于您的需求的身份验证/授权逻辑的类。
This way you will be able to deploy one web app to one host that serve MVC site and Angular app. 这样,您就可以将一个Web应用程序部署到一个为MVC站点和Angular应用程序提供服务的主机上。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.