locked
Web Api authentication quesitons RRS feed

  • Question

  • User-763603659 posted

    Hi, I'm using VS2013, asp.net and C#

    I want to create a Web Api project and add it on to a solution.  The Change Authentication comes up with several options but under the Organization Account, why I don't see drop down options for On Premise and Multi-Organization?  I only see the One-Organization option.

    This web API should only be available for internal and maybe in the future, external partners.  To make this simple, would it be secure enough if I make this a Windows Authentication and then each web api call, the caller would need to pass in a user id and password for the api to work.  The web api will also be published as a web site in IIS server with SSL cert installed.  Will this be secure enough?

    Another quesiton, if the authentication mode is set to Windows Authentication, how does that work?  Other application will call my web api, what account will the application be running from that web server?  Right now it will be called by a Java web application.  I'm just not clear on how it is Windows authentication when it's an application that's calling.

    Thank you.

    Tuesday, December 20, 2016 10:27 PM

Answers

  • User-2057865890 posted

    Hi Taichung,

    The Change Authentication comes up with several options but under the Organization Account, why I don't see drop down options for On Premise and Multi-Organization?  I only see the One-Organization option

    Select "MVC" in the subtemplate screen, then hit "Change Authentication".
    Select Organizational Accounts from the options on the left, then click on the top combo box.

    if the authentication mode is set to Windows Authentication, how does that work? 

    If you select Windows Authentication, the application will be configured to use the Windows Authentication IIS module for authentication. The application will display the domain and user ID of the Active directory or local machine account that is logged into Windows but won't include user registration or log-in UI. This option is intended for Intranet web sites.

    This web API should only be available for internal and maybe in the future, external partners.

    You can use On-Premises Organizational Authentication to create an Intranet site or an Internet site. For an Internet site, use Active Directory Federation Services (ADFS) to provide access to AD. For more information, see Use the On-Premises Organizational Authentication Option (ADFS) With ASP.NET in Visual Studio 2013.

    reference: https://www.asp.net/visual-studio/overview/2013/creating-web-projects-in-visual-studio

    Best Regards,

    Chris

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, December 21, 2016 10:10 AM

All replies

  • User-2057865890 posted

    Hi Taichung,

    The Change Authentication comes up with several options but under the Organization Account, why I don't see drop down options for On Premise and Multi-Organization?  I only see the One-Organization option

    Select "MVC" in the subtemplate screen, then hit "Change Authentication".
    Select Organizational Accounts from the options on the left, then click on the top combo box.

    if the authentication mode is set to Windows Authentication, how does that work? 

    If you select Windows Authentication, the application will be configured to use the Windows Authentication IIS module for authentication. The application will display the domain and user ID of the Active directory or local machine account that is logged into Windows but won't include user registration or log-in UI. This option is intended for Intranet web sites.

    This web API should only be available for internal and maybe in the future, external partners.

    You can use On-Premises Organizational Authentication to create an Intranet site or an Internet site. For an Internet site, use Active Directory Federation Services (ADFS) to provide access to AD. For more information, see Use the On-Premises Organizational Authentication Option (ADFS) With ASP.NET in Visual Studio 2013.

    reference: https://www.asp.net/visual-studio/overview/2013/creating-web-projects-in-visual-studio

    Best Regards,

    Chris

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Wednesday, December 21, 2016 10:10 AM
  • User-763603659 posted

    So I can't use the Web Api template if I want to use On Premise or Multi Org Authentication mode? 

    If another web application calls my web api then the Windows Authentication will use the Computer account where this calling application reside?  So, the calling PC will be authenticated if it's on our company domain?

    Thank you.

    Wednesday, December 21, 2016 11:08 PM