ASP.NET Web API Authentication

asp.net web api - How to authenticate user

To make a user authenticated you have to perform a sign in operation.
What you do in your Login method is checking the credentials, but sign in is where you (with help of some authentication API) set user identity into (most commonly) a cookie, like:

FormsAuthentication.SetAuthCookie(model.Email, model.RememberMe);

Authorization and Authentication ASP.Net web api

A quick solution is to extend AuthorizeAttribute and define your authentication logic there. See this SO question for an example.

A little bit more modular approach is to create an authentication filter. See ASP.NET docs here. This way you can separate authentication and authorization.

As for HMAC vs Basic authentication, I would go with the simpler Basic authentication is security is not a key component of your system. This way you can ship v1.0 faster.

The authorization is not working in ASP.net core web API

I found the solution.... I was declaring a key in the generation of the token which is different from the one I've declared in the appsetting.json

so when the TokenValidationParameters takes the wrong key it was preventing authorization

---

Related Topics