Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Jin 11 posts 91 karma points
    Oct 26, 2018 @ 18:29
    Jin
    0

    Umbraco as authorization server

    Hi,

    I have a umbraco site where my frontend users is created as members in umbraco, and is logged in with the membership provider, pretty straight forward.

    Now i want to add an API, not a umbracoapicontroller, but a normal web api in .net core, running in a different domain. The web api is callled server to server.

    What i would like to do is to assign different levels of access in the api based on the groups the member is in in umbraco.

    What i am currently thinking of doing is when the member creates a New profile or logs in, i create a jwt token in umbraco with the members groups etc. This token is set either in session or as a cookie and attached as a bearer token when calling the API.

    In the api i want to verify the token and signature using the secrets used to sign it in umbraco. And then check the role claims for access.

    Is it the wrong way to go about doing something like that?

    Does functionality to do this already exists?

    Any suggestions to achieve this?

  • John Bergman 483 posts 1132 karma points
    Oct 26, 2018 @ 18:31
    John Bergman
    0

    Check out AuthU, it will get you at least part of the way there, we use it for mobile app authentication against our umbraco, and now that it supports a newer JWT, it is more compatible with other things as well.

  • Jin 11 posts 91 karma points
    Oct 26, 2018 @ 18:32
    Jin
    0

    Thanks John, i will give it a look

Please Sign in or register to post replies

Write your reply to:

Draft