I have 2 ASP.NET Core web applications: a REST API and a React UI. The React UI uses the default Individual User Accounts option for authentication. They are separate solutions.
What I want is to authenticate in the API using this default authentication, but I don't know how I can do this. So what I want is:
Make a call from UI -> Grab user credentials -> Go to API method -> Validate user (e.g. role) -> Return response
As far as I know, the default authentication sets the AspNetCore.Identity.Application cookie that is used for auth in React. Probably I can somehow parse it or just use it to authenticate on the API side. I thought it was a JWT token, but it seems like it's not.
1 Answer
React application sends request:
- Url: /auth
- Body: JSON.stringify({username: "john", password: "password123" })
REST API handles /auth request
- Validates that the username exists
- Checks that the password is correct
- Either sets a cookie that the user is signed in or returns a token that the React app can save for future requests
React app sends request to get items
- Url: /items
- Headers, include token or set withCredentials to pass cookie
REST API handles /items request
- Makes sure cookie/token is set
- Validates the token/cookie
- Returns items if everything is ok.
1 Comment
Nicefsf
Well, that's a good explanation, but I'm already familiar with this scheme; my question is more about how I can use the default auth. At least I know React sets the cookies .AspNetCore.Antiforgery and AspNetCore.Identity.Application. My question is about how I can validate those cookies in my API, because I don't really want to implement the token generation logic myself, only token validation on the API side.
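The token variant of the flow in the answer above, as an added example (not part of the original answer or comment, and not the ASP.NET Core Identity cookie format): plain Node.js functions stand in for the API's `/auth` and `/items` handlers, using an HMAC-SHA256 signed token with an expiry and a role check. The function names, the token layout, the role values and the user store are assumptions constructed for illustration.

```javascript
const crypto = require("crypto");

// Constructed sample data: one user, password kept only as a salted scrypt hash.
const SECRET = crypto.randomBytes(32); // server-side signing key, never sent to the client
const salt = crypto.randomBytes(16);
const USERS = { john: { salt, hash: crypto.scryptSync("password123", salt, 32), role: "user" } };

const sign = (payload) => crypto.createHmac("sha256", SECRET).update(payload).digest("hex");

// POST /auth: check username and password, return a signed token or null.
function handleAuth({ username, password }, now = Date.now()) {
  const known = Object.prototype.hasOwnProperty.call(USERS, username);
  const user = known ? USERS[username] : null;
  // Hash even for unknown users so response time does not reveal which names exist.
  const candidate = crypto.scryptSync(String(password), user ? user.salt : salt, 32);
  if (!user || !crypto.timingSafeEqual(candidate, user.hash)) return null;
  const claims = { sub: username, role: user.role, exp: now + 15 * 60 * 1000 };
  const payload = Buffer.from(JSON.stringify(claims)).toString("base64");
  return `${payload}.${sign(payload)}`;
}

// Verify the signature before trusting anything in the payload, then check expiry.
function validateToken(token, now = Date.now()) {
  const [payload, mac, extra] = String(token).split(".");
  if (!payload || !mac || extra !== undefined) return null;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(payload, "base64").toString());
  return claims.exp > now ? claims : null;
}

// GET /items: 401 without a valid token, 403 when the role is not allowed.
function handleItems(authorizationHeader, allowedRoles = ["user", "admin"]) {
  const token = String(authorizationHeader || "").replace(/^Bearer /, "");
  const claims = validateToken(token);
  if (!claims) return { status: 401 };
  if (!allowedRoles.includes(claims.role)) return { status: 403 };
  return { status: 200, items: ["item-1", "item-2"] }; // constructed items
}
```

The role is read from the signed claims, so a client that edits the payload to claim another role fails the signature check and gets a 401.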