Asp.Net Identity 2 and oAuth server (OWIN) - architecture

  • Question

  • User1887063503 posted

    I have a general question regarding integration of Identity 2 with an OAuth server. I've read a lot of articles, but I still have some misunderstanding of each part. Let's take for example the following structure:

    • MVC application - front end application with all pages (some of them open and some of them secured)
    • Web API 2 application - Web API application for different APIs that part of the MVC app is using
    • MVC admin application - admin application with admin role permissions

    Each application lives on a different domain or subdomain.

    The scenario I want to create: a user (regular or admin) logs into the app with a regular login or a social network login (Facebook/Google/Microsoft/etc.). Once he has done this, he will be able to go to the admin application and the Web API application and pass authentication automatically.

    As I understand it, the MVC app uses an external cookie or session and the Web API uses tokens.

    What is the proper way to create the authentication process for the application?

    Thursday, July 3, 2014 2:53 PM

Answers

  • User1779161005 posted

    The scenario I want to create: a user (regular or admin) logs into the app with a regular login or a social network login (Facebook/Google/Microsoft/etc.). Once he has done this, he will be able to go to the admin application and the Web API application and pass authentication automatically.

    Yes, web apps use cookies and APIs use tokens -- that's the preferred way. To get tokens for web APIs you need an authorization server. The authorization server is a web app, in essence, and as such needs cookies to authenticate the user.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, July 3, 2014 3:41 PM
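
The split described in this answer, written as OWIN (Katana) startup code for the two hosts. This is an added example, not code from the thread. The client id, redirect URI, endpoint paths and class names are assumptions, and the application action behind the authorize path, which reads the cookie identity and signs in a bearer identity, is assumed to exist.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OAuth;
using Owin;

// Host 1: the authorization server. It is a web app, so the user signs in with a cookie.
public class AuthServerStartup
{
    public void Configuration(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Login"),        // assumed path
            CookieSecure = CookieSecureOption.Always              // never send over plain HTTP
        });
        // Temporary cookie that carries the result of a Facebook/Google/Microsoft login.
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
        // Token issuance for the Web API; only an already signed-in user gets a token.
        app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
        {
            AuthorizeEndpointPath = new PathString("/oauth/authorize"), // assumed path
            TokenEndpointPath = new PathString("/oauth/token"),         // assumed path
            AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30),
            AllowInsecureHttp = false,
            Provider = new DemoOAuthProvider()
        });
    }
}

// Hypothetical provider: accepts one registered client and one exact redirect URI.
public class DemoOAuthProvider : OAuthAuthorizationServerProvider
{
    public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
    {
        // Exact match only; an unvalidated context makes the middleware reject the request.
        if (context.ClientId == "mvc-frontend" &&                        // constructed value
            context.RedirectUri == "https://app.example.com/signin")     // constructed value
            context.Validated();
        return Task.FromResult(0);
    }
}

// Host 2: the Web API. No cookies here, only bearer tokens issued by host 1.
// With the default token format, both hosts must share the same machineKey.
public class ApiStartup
{
    public void Configuration(IAppBuilder app) { app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()); }
}
```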