How to use custom authentication/authorization in an ASP.NET Core MVC app that communicates with a Web API?

I want to use authentication/authorization in an MVC/Razor Pages app which uses a back-end API to transact data and authentication tokens. The API issues access and refresh JWTs for a valid sign-in, and what I have done so far is to call the API and fetch these tokens using HttpClient and afterwards store them in cookies.

However, I have to manually check for the tokens and refresh the access token when it expires, and also delete the cookies when the user signs out. I would like to know if there is a way to do this in a more proper manner by utilizing the authentication and authorization features of ASP.NET Core (such as using [Authorize] to limit certain controllers to specific users).

Check out Identity Server, which is both an authentication server (using OpenID Connect) and an authorization server (using OAuth).

Then in your web app (MVC/Razor and client of the API) simply use its integration. An example of how to set up an ASP.NET MVC app as a client of an IdentityServer instance can be found in Identity Server's official documentation.

For the refresh token, you need to configure your MVC app to request the offline_access scope.
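
As an added illustration of the setup this answer describes (not code from the original answer or from the IdentityServer documentation), the following `Program.cs` wires the ASP.NET Core cookie and OpenID Connect handlers together and requests the `offline_access` scope. The authority URL, client id, `api1` scope, configuration key and route names are assumptions to replace with your own values.

```csharp
// Program.cs (ASP.NET Core 6+). Added example; values marked "assumed" are placeholders.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Authorization;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllersWithViews();

builder.Services.AddAuthentication(options =>
{
    // The local session lives in a cookie; unauthenticated users are sent to the OIDC provider.
    options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie(options =>
{
    // The session cookie carries the saved tokens, so keep it away from scripts and plain HTTP.
    options.Cookie.HttpOnly = true;
    options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    options.Cookie.SameSite = SameSiteMode.Lax;
})
.AddOpenIdConnect(options =>
{
    options.Authority = "https://idp.example.com";                      // assumed IdentityServer URL
    options.ClientId = "mvc-client";                                    // assumed client id
    options.ClientSecret = builder.Configuration["Oidc:ClientSecret"];  // assumed key; keep secrets out of source
    options.ResponseType = "code";                                      // authorization code flow
    options.UsePkce = true;
    options.SaveTokens = true;            // store access/refresh tokens in the authentication ticket
    options.Scope.Add("offline_access");  // asks the provider for a refresh token
    options.Scope.Add("api1");            // assumed scope protecting the back-end API
});

var app = builder.Build();
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.MapDefaultControllerRoute();   // controllers can now use [Authorize] directly

// Protected endpoint: reads the saved access token to call the API on the user's behalf.
app.MapGet("/me/has-token", [Authorize] async (HttpContext ctx) =>
    Results.Ok(new { hasAccessToken = await ctx.GetTokenAsync("access_token") is not null }));

// Sign-out clears the local cookie and ends the session at the provider.
app.MapPost("/logout", () => Results.SignOut(authenticationSchemes: new[]
    { CookieAuthenticationDefaults.AuthenticationScheme, OpenIdConnectDefaults.AuthenticationScheme }));

app.Run();
```

`SaveTokens` only stores the tokens; the OpenID Connect handler does not renew an expired access token by itself, so the app still has to exchange the stored `refresh_token` at the provider's token endpoint.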
