Tags: asp.net-mvc, asp.net-identity, owin, asp.net-web-api2

ASP.NET Identity Authentication: MVC5 client web site -> Auth Server -> Web API server


I'm a newbie to ASP.NET Identity services and we have the following requirement.

The following is the architecture setup:

1. Appserver

The app server has:
a. Entity Framework
b. ASP.Net Web API2 Odata services
c. Authorization server

2. Webserver

ASP.NET MVC 5 application (client which accesses the app server)

The flow needs to be

  1. The MVC5 client application has a login / register form.

  2. While registering / logging in, the information needs to be sent to the authorization server in the app server, which authorizes and creates the claims using Identity Services.

  3. Once the identity has been created in the authorization server, the client application should be logged in.

  4. I'm aware of getting a bearer token from the authentication server, which will be used as header information to access the API service.

All we are lacking is that the MVC client application should use the same identity claims that have been created in the authorization server.

Is there any way to access the claims which are created in the auth server?

I have got some samples about how to authenticate against the auth server and receive a token through OWIN, and from this token we can access the API securely, but I need the client web application to sign in based on the token.

I have gone through the following links

http://blogs.msdn.com/b/webdev/archive/2013/09/20/understanding-security-features-in-spa-template.aspx

Also, I need to add claims whenever required after login as well.


Solution

  • I have resolved this issue as follows, but I'm not sure this is the effective method

    1. Once logged in, retrieve the bearer token (this token should already be assigned a claims identity such as username, role, etc.)

    2. In the Web API AccountController, create a method to retrieve the default claims required by the client web application. Please check the following:

      // Requires: System.Security.Claims, System.Web.Http, Microsoft.AspNet.Identity
      [Authorize]
      [HostAuthentication(DefaultAuthenticationTypes.ExternalBearer)]
      [Route("UserInfo")]
      public UserInfoViewModel GetUserInfo()
      {
          var identity = (ClaimsIdentity)User.Identity;
          // From the Web API 2 template AccountController: describes the external
          // provider (if any) the bearer token was issued for; null for local logins
          ExternalLoginData externalLogin = ExternalLoginData.FromIdentity(identity);

          // Custom claims added when the token was issued; FindFirst returns null if absent
          Claim firstname = identity.FindFirst("FirstName");
          Claim lastname = identity.FindFirst("LastName");
          Claim isApproved = identity.FindFirst("IsApproved");

          bool approved;
          var userinfo = new UserInfoViewModel
          {
              UserName = User.Identity.GetUserName(),
              FirstName = firstname != null ? firstname.Value : null,
              LastName = lastname != null ? lastname.Value : null,
              // Treat a missing or unparsable claim as "not approved"
              UserApproved = isApproved != null && bool.TryParse(isApproved.Value, out approved) && approved,
              HasRegistered = externalLogin == null,
              LoginProvider = externalLogin != null ? externalLogin.LoginProvider : null
          };

          return userinfo;
      }
      
    3. From the client, this action will be called with the token as a header.

    4. Once we have got the information (in JSON string format), it needs to be serialized into the UserInfoViewModel class (a user-defined view model based on the info we require and send from the Web API account controller) with the JavaScript serializer.

    5. Using this view model information, assign it to local storage (cookies in my case) and use it as the identity locally.

    6. Log out of the Web API too whenever you log out from the web app.

    Please let me know if you need more info or code
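The MVC5 client-side half of steps 3 to 6, as an added example that is not part of the original answer. It assumes the OWIN cookie middleware is registered with `DefaultAuthenticationTypes.ApplicationCookie`, the Web API 2 template's `api/Account` route prefix in front of the `UserInfo` action, and the `UserInfoViewModel` shape used above; `ApiIdentityHelper` and its method names are hypothetical.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Security;
using Newtonsoft.Json;

// Client-side mirror of the JSON returned by the answer's GetUserInfo action
public class UserInfoViewModel
{
    public string UserName { get; set; }
    public string FirstName { get; set; }
    public string LastName { get; set; }
    public bool UserApproved { get; set; }
    public bool HasRegistered { get; set; }
    public string LoginProvider { get; set; }
}

public static class ApiIdentityHelper // hypothetical helper, not from the original post
{
    // Steps 3 and 4: call UserInfo with the bearer token and deserialize the JSON ("api/Account" prefix assumed)
    public static async Task<UserInfoViewModel> GetUserInfoAsync(string apiBaseUrl, string accessToken)
    {
        using (var client = new HttpClient { BaseAddress = new Uri(apiBaseUrl) })
        {
            client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
            HttpResponseMessage response = await client.GetAsync("api/Account/UserInfo");
            response.EnsureSuccessStatusCode(); // throws on 401: the authorization server rejected the token
            string json = await response.Content.ReadAsStringAsync();
            return JsonConvert.DeserializeObject<UserInfoViewModel>(json);
        }
    }

    // Step 5: rebuild the claims locally and sign in with the OWIN application cookie (encrypted by the middleware)
    public static void SignInLocally(HttpContextBase context, UserInfoViewModel info, string accessToken, DateTimeOffset tokenExpires)
    {
        var identity = new ClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie);
        identity.AddClaim(new Claim(ClaimTypes.Name, info.UserName));
        identity.AddClaim(new Claim("FirstName", info.FirstName ?? string.Empty));
        identity.AddClaim(new Claim("LastName", info.LastName ?? string.Empty));
        identity.AddClaim(new Claim("IsApproved", info.UserApproved.ToString()));
        identity.AddClaim(new Claim("access_token", accessToken)); // reused for later API calls
        var props = new AuthenticationProperties { ExpiresUtc = tokenExpires }; // local session dies with the token
        context.GetOwinContext().Authentication.SignIn(props, identity);
    }

    // Step 6: clear the local cookie when the user logs out of the Web API as well
    public static void SignOutLocally(HttpContextBase context) { context.GetOwinContext().Authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie); }
}
```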