Authenticated ASP.NET Core MVC site consuming web API RRS feed

  • Question

  • User619969680 posted


    I have an ASP.NET Core 2.2 MVC site, that uses Facebook as an identity provider. Users can click the login button, they are redirected to Facebook to enter their credentials, and are then redirected back to the site. At that time they are authenticated, and I have a number of claims like name idenfifier, email etc. This works fine.

    But now I also want a separate web API, which will be consumed by the MVC site. 

    But this web API should of course also be protected, as I want to handle (custom) authorization in the web API; and for that I need to know the identity of the caller.

    So my question is: how is this kind of security normally implemented? I guess I have to use a bearer token, which is sent with each call to the web API, but how do i generate this token? What is the architecture that is normally used for this kind of scenario?

    Thanks for any hints!

    Friday, January 25, 2019 3:14 PM


All replies