ASP.NET MVC user authentication

  • Question

  • User1593233503 posted

    I am developing a .NET MVC web app where the user will enter a user name and password on the login page. I call a token-based authentication web API to validate the credentials. The API returns an access token along with its expiry date/time if the user is already registered and entered valid credentials. My questions are:

    1. How to utilize this access token and set the user authenticated to true in a custom authorize attribute.
    2. If the token is expired, the user should be redirected to the login view.
    3. What should be the logic to check the token expiry? If I keep that logic in the authorize attribute then it gets invoked only when action methods are invoked. Is there any better way in case the user keeps a page idle?

    Thanks,

    Mahantesh

    Thursday, August 16, 2018 3:46 AM

All replies

  • User1724605321 posted

    Hi Mahantesh,

    I am developing a .NET MVC web app where user will enter user name and password in the log in page. I call a token based authentication web api to validate the credentials.

    Which flow are you using? Do you use your own login page and the OAuth 2.0 Resource Owner Password Credential flow?

    http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/ 

    http://bitoftech.net/2015/02/16/implement-oauth-json-web-tokens-authentication-in-asp-net-web-api-and-identity-2/ 

    Please explain more about that.

    Best Regards,

    Nan Yu

    Friday, August 17, 2018 4:44 AM
  • User1593233503 posted

    Thanks for the reply Nan Yu.

    My API is implemented along the same lines as in the links you have given in your reply.

    My question is, I am developing a .NET MVC web app which has a login action which will send the user-entered user name and password to the API. The API sends back the access token if the credentials are valid. What is the mechanism / logic to be followed when I redirect the user to some other action method which is decorated with the Authorize attribute? Basically, I want to know how to say that the current user is authenticated so that the Authorize attribute lets the user access the action/view.

    Please let me know if you need any other details from me.

    Thanks,

    Mahantesh

    Friday, August 17, 2018 6:31 AM
  • User1724605321 posted

    Hi Mahantesh,

    After the web API side validates the user credentials, it will send back an ID token and an access token (if you request API access) to the MVC client. MVC should validate the identity token and use it to create a local authentication cookie, so the user becomes authenticated in the app.

    Best Regards,

    Nan Yu

    Thursday, August 23, 2018 8:32 AM
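
One way to implement the local authentication cookie described in the last reply, as an added example that is not code from the thread. It assumes ASP.NET MVC 5 with the OWIN cookie middleware (Microsoft.Owin.Security.Cookies); `ITokenApi`, `TokenResult`, the `access_token` claim name and the route names are hypothetical.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            LoginPath = new PathString("/Account/Login"), // 401 from [Authorize] redirects here
            SlidingExpiration = false,                    // cookie must not outlive the API token
            CookieHttpOnly = true,                        // not readable from page script
            CookieSecure = CookieSecureOption.Always      // sent over HTTPS only
        });
    }
}

// Hypothetical wrapper around the token endpoint (assumption, not from the thread).
public class TokenResult { public bool Succeeded; public string AccessToken; public DateTimeOffset ExpiresUtc; }
public interface ITokenApi { Task<TokenResult> LoginAsync(string userName, string password); }

public class AccountController : Controller
{
    private readonly ITokenApi _api; // assumed to be supplied by a DI container
    public AccountController(ITokenApi api) { _api = api; }

    [HttpPost, AllowAnonymous, ValidateAntiForgeryToken]
    public async Task<ActionResult> Login(string userName, string password)
    {
        TokenResult token = await _api.LoginAsync(userName, password);
        if (!token.Succeeded) { ModelState.AddModelError("", "Invalid login."); return View(); }

        var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, userName));
        // Carried inside the protected cookie ticket for later calls to the API.
        identity.AddClaim(new Claim("access_token", token.AccessToken));
        // Tie the cookie ticket lifetime to the token expiry returned by the API.
        var props = new AuthenticationProperties { IsPersistent = false, ExpiresUtc = token.ExpiresUtc };
        HttpContext.GetOwinContext().Authentication.SignIn(props, identity);
        return RedirectToAction("Index", "Home");
    }
}
```

Because the ticket expires with the token, the first request after an idle period past the expiry is treated as unauthenticated and the standard `[Authorize]` attribute sends the user to `LoginPath`, so no custom expiry check is needed in the attribute. If authenticated pages also use anti-forgery tokens, set `AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Name` at application start, since this identity carries no name-identifier claim.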