I have a Web API which is currently used by AngularJS apps in an ASP.NET MVC web application. The MVC application uses ASP.NET Forms Authentication as its authentication mechanism. How should I authenticate a user of the Web API when the client is not the web client but, e.g., a stand-alone service? What I've done right now is add a login method to the Web API which gives anyone with the right credentials access:

    [Route("api/v2/login"), HttpPost]
    [AllowAnonymous] // the login action itself must be reachable without a ticket
    public IHttpActionResult Post([FromBody]Credentials credentials)
    {
        var principal = FindPrincipal(credentials);
        if (principal != null)
        {
            // Issue a non-persistent (session) forms-authentication cookie
            FormsAuthentication.SetAuthCookie(principal.Identity.Name, false);
            return Ok();
        }
        return Unauthorized();
    }

My question is if this is how this should be solved or if there's a better way?
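
What a stand-alone service has to do to use the login action as posted: send the credentials over HTTPS, keep the forms-authentication cookie, and replay it on later calls. This is an added example, not code from the original post; the `ApiSession` class and the JSON layout of `Credentials` are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;

// Added example: a non-browser client for the login action above.
// Assumptions: the base URL and the JSON shape of Credentials come from
// the caller; neither appears in the post.
public sealed class ApiSession : IDisposable
{
    private readonly CookieContainer _cookies = new CookieContainer();
    private readonly HttpClient _http;

    public ApiSession(Uri baseAddress)
    {
        // The auth cookie is a bearer credential: refuse plain HTTP.
        if (baseAddress.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("HTTPS required", nameof(baseAddress));
        var handler = new HttpClientHandler
        {
            CookieContainer = _cookies,   // holds the cookie issued by SetAuthCookie
            AllowAutoRedirect = false     // surface a redirect to a login page instead of following it
        };
        _http = new HttpClient(handler) { BaseAddress = baseAddress };
    }

    public async Task<bool> LoginAsync(string jsonCredentials)
    {
        using (var body = new StringContent(jsonCredentials, Encoding.UTF8, "application/json"))
        using (var resp = await _http.PostAsync("api/v2/login", body))
        {
            // 200 comes from Ok(), 401 from Unauthorized(); also require that a cookie arrived.
            return resp.StatusCode == HttpStatusCode.OK
                && _cookies.GetCookies(_http.BaseAddress).Count > 0;
        }
    }

    public async Task<string> GetAsync(string path)
    {
        using (var resp = await _http.GetAsync(path))
        {
            if (resp.StatusCode == HttpStatusCode.Unauthorized || resp.StatusCode == HttpStatusCode.Redirect)
                throw new UnauthorizedAccessException("Session missing or expired; log in again");
            resp.EnsureSuccessStatusCode();
            return await resp.Content.ReadAsStringAsync();
        }
    }
    public void Dispose() => _http.Dispose();
}
```

Because the cookie is issued with `createPersistentCookie` set to `false`, the service holds it only in memory and has to call `LoginAsync` again after a restart or once the ticket expires.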