How do I call my role-based authorized web API from another app?

I have a web API that utilizes role authorization (ex: [Authorize(Roles="test")]) for each controller and action.

This API is meant to be a standalone app with no actual MVC site for it, so there is no login method.

So let's say I have a separate "Students" app that needs to display a list of all current students in the school. In the API, I have a role-based authorized method that retrieves all current students from the database. How would I be able to call that API call from the "Students" app (which is on the same domain) if it's authorized?

Is there any way I can spoof the "Students" app to run under one of the authorized roles? I don't want to use the roles of the user using the site because only Admins are allowed to execute these API calls.

Look at this tutorial on building an OAuth 2 authorization server. You can use the Authorization Code Grant to authenticate your Students MVC app against your API.

Building an OAuth server is not a simple task, however. You can look at a complete and secure open source product like IdentityServer to help you implement most of the authorization and authentication logic.
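
The client side of the flow suggested in the answer above, as an added example that is not part of the original post: the Students app redeems an authorization code at the token endpoint (RFC 6749, section 4.1.3) and then calls the role-protected action with the access token as a Bearer credential. The class name, both URLs and the client credentials are hypothetical placeholders, and it assumes the authorization server issues a token whose role claims the API maps to `[Authorize(Roles="...")]`.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

// Added example: every URL and name below is a hypothetical placeholder.
public sealed class StudentsApiClient
{
    private static readonly HttpClient Http = new HttpClient();

    // Assumed endpoints; substitute those of your authorization server and API.
    private const string TokenEndpoint = "https://auth.example.test/token";
    private const string StudentsEndpoint = "https://api.example.test/api/students";

    // Step 1: exchange the authorization code for an access token.
    // The client secret stays server-side in the Students app and is never sent to a browser.
    public async Task<string> ExchangeCodeAsync(string code, string redirectUri,
                                                string clientId, string clientSecret)
    {
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"] = "authorization_code",
            ["code"] = code,
            ["redirect_uri"] = redirectUri, // must match the value used in the authorization request
            ["client_id"] = clientId,
            ["client_secret"] = clientSecret
        });

        using var response = await Http.PostAsync(TokenEndpoint, form);
        response.EnsureSuccessStatusCode();

        using var json = JsonDocument.Parse(await response.Content.ReadAsStringAsync());
        return json.RootElement.GetProperty("access_token").GetString()
               ?? throw new InvalidOperationException("Token response had no access_token.");
    }

    // Step 2: call the role-protected action, presenting the token as a Bearer credential.
    public async Task<string> GetCurrentStudentsAsync(string accessToken)
    {
        using var request = new HttpRequestMessage(HttpMethod.Get, StudentsEndpoint);
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

        using var response = await Http.SendAsync(request);
        // Throws if the API rejects the token or the token lacks the required role.
        response.EnsureSuccessStatusCode();
        return await response.Content.ReadAsStringAsync();
    }
}
```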
