如何在Asp Net Core RC1 MVC中添加带有令牌认证的“ApiController”

Question

I know that this question could receive some downvotes, but I'm searching on Google for three days, with no really usable results.

I've created a default ASP.NET Core 1.0 RC1 project in Visual Studio, with Individual User Account authentication/authorization. Everything is easy and simple this way, because the project is scaffolded using Microsoft.AspNet.Authentication.Cookies , and VS 2015 does all the heavy lifting.

However, we want to expose an API from the same project (using the same database, users, claims and so on), that will be consumed from mobile devices and even some simple SPA's. This way, we need to use something like JWT for the API (There are a bunch of tutorials on how to do this with WebAPI only).

We want to do the main project using MVC (not SPA) way to leverage the use of view/controller scaffolding and everything Visual Studio can offer.

There is a lot of of tutorials of MVC-only or WebAPI-only approaches, but could you point me on how could I mix them together?

Is there a way of using JWT only with MVC and WebAPI system-wide?

Thank you in advance.

Answer 1

Limiting identity by scheme this link may be answer of your question.

In some scenarios, such as Single Page Applications it is possible to end up with multiple authentication methods, cookie authentication to log in and bearer authentication for javascript request.

I think, you can use below code for mvc and javascript calls(of course, you must enable cookie and bearer middlewares):

[Authorize(AuthenticationSchemes = "Cookie,Bearer")]
public class YourController : Controller