[英].Net web API hosting in IIS (API uses Bearer Token for authentication)
I am developing one public-internet facing Angular application which call one .Net Proxy API (exposed to internet) which will internally call actual .net API (hosted on-premise). I am developing one public-internet facing Angular application which call one .Net Proxy API (exposed to internet) which will internally call actual .net API (hosted on-premise). Angular app will get Bearer token from Okta and then call.Net Proxy API. Angular 应用程序将从 Okta 获取 Bearer 令牌,然后调用.Net Proxy API。 I wanted to know in such scenario where Bearer token will be used for authentication, When I host .net proxy API and.Net actual API in IIS, what i should be selecting in IIS for authentication? I wanted to know in such scenario where Bearer token will be used for authentication, When I host .net proxy API and.Net actual API in IIS, what i should be selecting in IIS for authentication? Basic or windows or Anonymous or something else?基本或 windows 或匿名或其他?
Flow is: Angular -> OKTA -> Token ->.Net Proxy API ->.Net API -> Database流程为:Angular -> OKTA -> Token ->.Net Proxy API ->.Net API -> 数据库
If the user has to "login" after connecting to your.Net proxy API or.Net API then you will need to allow Anonymous Auth.如果用户在连接到您的 .Net 代理 API 或 .Net API 后必须“登录”,那么您需要允许匿名身份验证。 If they will always definitely have credentials by the time they hit IIS, you will want Basic Authentication.如果他们在到达 IIS 时肯定总是拥有凭据,那么您将需要基本身份验证。 You will likely not want Windows Authentication enabled unless you are going to use windows logins for auth.您可能不希望启用 Windows 身份验证,除非您打算使用 windows 登录进行身份验证。
This article is old, but should still explain what each auth method does. 这篇文章很旧,但仍应解释每种身份验证方法的作用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.