Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Craig 34 posts 270 karma points
    Aug 21, 2018 @ 08:49
    Craig
    0

    Umbraco Web API Authentication from non-Umbraco ASP.Net MVC website

    Hi,

    I have a scenario where I have two websites. One is a standard ASP.Net MVC web application with membership and the other is an Umbraco powered website.

    From the MVC website I want to post data to the Umbraco website and had figured creating a Web API on the Umbraco website would be the way to do this but I am having trouble understanding how to authenticate the request.

    I've seen lots of good examples on how to protect an Umbraco Web API method so am happy enough with that and also have a back office user account set up in Umbraco that has the necessary permission to access the API methods. So running the API methods when I'm logged in to the back office is okay.

    In reality though no users will be logged in to the Umbraco back office so I need a way of sending an authentication request from the MVC web application to the Umbraco Web API so that I can then get access to the secured API methods from the MVC web application.

    Any help would be very much appreciated.

  • Phil Atkinson 51 posts 244 karma points
    Aug 21, 2018 @ 09:28
    Phil Atkinson
    0

    Obviously you can't use backoffice authentication to do this (unless you are going to auto login the MVC app prior to the call).

    Another option (as we used) is to secure the API with a custom API key that only the MVC application knows.

  • Craig 34 posts 270 karma points
    Aug 21, 2018 @ 10:10
    Craig
    0

    Thanks for the reply Phil.

    I had originally been considering the auto login idea with the API returning a token to the MVC application which it would then use for all future requests within the session.

    Your idea of securing the API with a custom key is interesting though. Presumably you send this encrypted in the message body?

  • Phil Atkinson 51 posts 244 karma points
    Aug 21, 2018 @ 12:24
    Phil Atkinson
    100

    encrypted in message header

  • Craig 34 posts 270 karma points
    Aug 22, 2018 @ 13:43
    Craig
    0

    Thanks Phil

  • Marcel van Helmont 68 posts 259 karma points c-trib
    Aug 21, 2018 @ 11:16
    Marcel van Helmont
    0

    Have a look at the repo of Warren

    https://github.com/warrenbuckley/Umbraco-JWT-AuthTokens

    Dont know if it works on the latest umbraco version. But maybe you have some inspiration

  • Craig 34 posts 270 karma points
    Aug 22, 2018 @ 13:44
    Craig
    0

    Thanks Marcel.

  • Antonio Messina 4 posts 74 karma points
    Jun 15, 2020 @ 16:18
    Antonio Messina
    0

    Hi Craig, have you found some solution? I've your same problem to manage. I couldn't figure out how to secured web api for an external client, i.e. allow authentication and authorization before to send resources.

    Thank you

    Antonio

Please Sign in or register to post replies

Write your reply to:

Draft