0

I am looking for a good approach for implementing an intranet web application using Web API (2) with ASP.NET MVC (5). The application is designed in such a way that we use an AngularJS SPA on the client side and, on the server side, MVC with Web API as a single application/web site. MVC is used because we have to restrict the operations based on the security permissions. We don't render the action buttons (e.g. Save, Delete etc.) when we call the MVC controller for views if the user does not have permission. Other operations utilize Web API methods to Save, Delete etc.

Basic idea is

MVC controllers are for generating views with the action buttons removed if the user doesn't have permission (HTML templates for AngularJS). Data manipulation is through Web API (AngularJS $http service Web API calls).

Questions here

How do we derive an authentication mechanism which we can utilize for both MVC and Web API? (We can create Authentication filters but we have to create separate filters for MVC and Web API, right?)

Once the user is authenticated, how do we share this info with both the MVC controller and the Web API controller instead of validating the user on each request from AngularJS?

Is it possible to use ASP.NET forms authentication for both MVC and Web API for authentication? If so, how do we do that? Will the forms authentication token be validated for both MVC controllers and Web API controllers automatically using the [Authorize] attribute?

Also, I would like to know: is it a good approach to mix MVC with Web API within a single application?

6
  • So you don't want to use the built-in authentication (e.g. Identity with Accounts/Roles then use AuthorizeAttribute)? Commented May 21, 2014 at 18:36
  • Yes we can but we need to handle it separately for MVC and Web API, right? Commented May 21, 2014 at 18:39
  • Is your Web API in a separate server / project than the MVC website? Commented May 21, 2014 at 18:41
  • Web API and MVC are in single application Commented May 21, 2014 at 18:42
  • 3
    If they are in the same application, they already share the same context (Http/Owin) and can be authenticated the same way. The authorization filters are in different namespaces for Mvc/WebApi but they work the same. In any case, you could create your own authorization filter and implement the interfaces for both MVC and WebApi (IAuthorizationFilter in System.Web.Mvc and System.Web.Http.Filters) to centralize your custom logic. Commented May 21, 2014 at 18:46

1 Answer

1

It's a feasible option but not a recommended option.

Since a WebApi operation will be inheriting from ApiController and an MVC controller action will be inheriting from the Controller class.

If you want to define routes for the API and MVC controllers, then you need to register the routes like this in Global.asax in Application start:

    // Web API routes are registered first so that "api/..." URLs are
    // matched before the catch-all MVC default route.
    GlobalConfiguration.Configure(WebApiConfig.Register);
    RouteConfig.RegisterRoutes(RouteTable.Routes);

RouteConfig Class

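    using System.Web.Mvc;
    using System.Web.Routing;

    public static class RouteConfig
    {
        public static void RegisterRoutes(RouteCollection routes)
        {
            // ... (other route registrations elided in the original)

            // Conventional MVC route: /{controller}/{action}/{id}
            routes.MapRoute(
                name: "Default",
                url: "{controller}/{action}/{id}",
                defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }
            );
        }
    }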

WebApiConfig Class

    using System.Web.Http;

    public static class WebApiConfig
    {
        public static void Register(HttpConfiguration config)
        {
            // TODO: Add any additional configuration code.

            // Web API routes
            config.MapHttpAttributeRoutes();
            config.Formatters.XmlFormatter.UseXmlSerializer = true;

            // Placeholder for your own DelegatingHandler implementation
            config.MessageHandlers.Add(new YourMessageHandlers());

            // Conventional Web API route: /api/{controller}/{action}/{id}
            config.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/{controller}/{action}/{id}",
                defaults: new { id = RouteParameter.Optional }
            );
        }
    }
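
The comment under the question suggests one custom filter that implements both `IAuthorizationFilter` interfaces. The following is an added example of that idea, not code from the original thread: `RequirePermissionAttribute` is a hypothetical name, and it assumes permissions are exposed as roles on the principal that forms authentication or OWIN sets for the request.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http.Controllers;
using Mvc = System.Web.Mvc;
using Api = System.Web.Http.Filters;

// Hypothetical attribute: one permission rule enforced by both pipelines.
// Usage on either controller type: [RequirePermission("CanDelete")]
public sealed class RequirePermissionAttribute
    : Mvc.FilterAttribute, Mvc.IAuthorizationFilter, Api.IAuthorizationFilter
{
    private readonly string _permission;

    public RequirePermissionAttribute(string permission) { _permission = permission; }

    // Shared rule. Assumption: each permission is a role on the principal.
    private bool IsAllowed(IPrincipal user)
    {
        return user != null && user.Identity != null
            && user.Identity.IsAuthenticated && user.IsInRole(_permission);
    }

    // MVC pipeline: runs before the action that renders the view/template.
    public void OnAuthorization(Mvc.AuthorizationContext filterContext)
    {
        if (!IsAllowed(filterContext.HttpContext.User))
            filterContext.Result = new Mvc.HttpStatusCodeResult(403);
    }

    // Web API pipeline: runs before Save/Delete, so the check holds even
    // when a request is sent without going through the rendered buttons.
    public Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(
        HttpActionContext actionContext, CancellationToken cancellationToken,
        Func<Task<HttpResponseMessage>> continuation)
    {
        if (IsAllowed(actionContext.RequestContext.Principal))
            return continuation();
        return Task.FromResult(
            actionContext.Request.CreateResponse(HttpStatusCode.Forbidden));
    }

    // Web API's IFilter member, implemented explicitly to keep it separate
    // from the AllowMultiple property inherited from Mvc.FilterAttribute.
    bool Api.IFilter.AllowMultiple { get { return false; } }
}
```

Because both pipelines call the same `IsAllowed` check, removing a button from an MVC view and rejecting the matching Web API call cannot drift apart.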