I am using Ping to authenticate users in a Angular/.NET Web API stack, utilizing WIF. WIF works out of the box by just putting in the correct configuration in web.config in a MVC or web Forms application. It intercepts any call to a page/controller requested and if no token available redirects to Ping for authentication.
Q1
In my stack that wont work as the web portion of this application is html/Angular. I could put the Ping configuration into the web api config file and then when angular calls the api, WIF will intercept it and (hopefully) redirect user to ping. But not sure if web api can do a http redirect. Also, pages that probably don't do a api call will load up just fine without authentication...
Q2
Lets say Issue 1 is resolved and user authenticates himself at ping, ping will need to send that assertion to the web api layer and not to html/Angular as it is a POST response. That is fine and web api will check the Claims object to get the user info. After which we will need to redirect the user to go back to the page he was trying to access, which now, app will not know anymore. Also how to achieve http redirection from web api.
Q3
Is there a way for Ping to post to a html/angular page?
Thanks for your help...
Due to the RESTful nature of APIs, they will not be able to do an HTTP Redirect. Even if they could it would be during an AJAX call and not affect the browser.
Out of the box WIF only supports the following protocols:
I suggest using the OAuth 2.0 Implicit Grant Type for the Angular/WebAPI portion.
That being said, the claims-based identity provided by WIF and OAuth are really complimentary. You could write an OAuth extension for WIF similair to the one referenced here: https://msdn.microsoft.com/en-us/library/azure/gg193416.aspx
This is what I imagine the flow would look like: