Our organization has several homegrown Web APIs, I'm in the process of trying to secure them.
I don't need to perform any additional authentication/authorization as the Umbraco Backoffice has done that for me... Because my backoffice user is logged in and the Umbraco Backoffice manages my session, I want to use that in my external Web API authentication/authorization workflow.
IdentityServer4 seems to me the way to go, but I'm missing something fundamental in how to execute my idea.
I think, conceptually, my idea is that my app_plugin automagically handles the authN/authZ via angularjs/ajax calls to the web api/IS4 using the Umbraco UsersResource/AuthResource ...
Below is a basic representation what I'm trying to accomplish. If there is an easier or less over-engineered way to accomplish this - any recommendation/assistance would be appreciated.
What I'd like to do is get an initial token from umbraco to pass to either my API or the IS4... has anyone tried doing this?
Authenticating external API
Our organization has several homegrown Web APIs, I'm in the process of trying to secure them.
I don't need to perform any additional authentication/authorization as the Umbraco Backoffice has done that for me... Because my backoffice user is logged in and the Umbraco Backoffice manages my session, I want to use that in my external Web API authentication/authorization workflow.
IdentityServer4 seems to me the way to go, but I'm missing something fundamental in how to execute my idea.
I think, conceptually, my idea is that my app_plugin automagically handles the authN/authZ via angularjs/ajax calls to the web api/IS4 using the Umbraco UsersResource/AuthResource ... Below is a basic representation what I'm trying to accomplish. If there is an easier or less over-engineered way to accomplish this - any recommendation/assistance would be appreciated.
What I'd like to do is get an initial token from umbraco to pass to either my API or the IS4... has anyone tried doing this?
is working on a reply...