2

I would like to set up a system that use both technologies at the same time. My MVC application generates and returns html/css/jaavascript files and then I do some work on the client side that get data through ajax request. Nothing new so far, but I would like also that the ajax endpoing could also be use as a pure REST service .

How can I have a uniform way to authentificate (web forms for MVC clients(that will then use the REST enpoints for the ajax requests) , something else for pure REST clients ).

Thanks

Improve this question

1 Answer 1

Reset to default
2

You could use the [Authorize] attribute (the System.Web.Http.AuthorizeAttribute one and not System.Web.Mvc.AuthorizeAttribute) on your Web API controller actions:

public class ValuesController: ApiController
{
    [Authorize]
    public HttpResponseMessage Get()
    {
        string username = User.Identity.Name;
        ...
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Sounds great, Let me try that. How my REST clients are going to authenticate ? Are they going to send data to the form-auth module?
The way your REST clients will have to authenticate will depend on what authentication mechanism you have configured. For example if you are usnig Forms Authentication those clients will have to supply a valid Forms Authentication cookie along each request. If you are using AJAX calls this cookie will be automatically sent along each request if the client authenticated initially within the normal MVC application.
Thanks, I will probably ask my REST clients to do so. Is there any other good pratice to mix the two types of clients?
The Webapi has two types of clients: AJAX ( clients using their browser) and pure REST clients ( for python/ruby ... ). The former is authenticated when they connect to the website and the latter needs to connect through an api or a scheme.
OK, I see. The Python/Ruby guys will first have to send an HTTP request to your LogOn action (by providing the username and password) to retrieve the forms authentication cookie and reuse this cookie on subsequent request to the Web API actions.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.