4

I have a project that has both regular MVC controllers with Views as well as Web APIs. I have implemented Forms authentication. This protects both my Web API as well as my MVC controllers. However since cookies are not supported by Mobile browsers I am looking for implementing an alternate token based authentication. Following questions

1) Is there any way to use token based authentication for both Web API as well as regular MVC controllers ?

2) Is there any way to pass bearer token automatically by the browser instead of manually putting it in request headers ?

3) How can I include authorization information in the bearer token ?

Improve this question

1 Answer 1

Reset to default
2

In response to your questions

1) you are looking at a hybrid flow which allows multi user clients being MVC and Mobile clients to obtain and use tokens, refreshing tokens is only available from the MVC client from what I know.

2) you can use identity server to send through authorization tokens or use the link below where you will insert authorization information (roles based) when sending tokens.

Please look at the following tutorial, it'll help in most of your requirements http://bitoftech.net/2015/01/21/asp-net-identity-2-with-asp-net-web-api-2-accounts-management/

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Please update you answer with content as Link Only Answers are not acceptable.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.