I'm having problems with understanding the concept of its use with several projects. Assume I have 4 projects:
- Business.Services
- Presentation.MVC
- Presentation.WebApi
Business.Services is the project where all the business logic and db connections occur. The MVC and Web Api projects reference the services to call business logic. MVC and Web Api do not have any interaction with each other because they are for completely different purposes in my case. Web Api only stands for dealing with mobile client requests/responses.
In my MVC project I provide a login to my users, and after a successful login I create a FormsAuthenticationTicket and with the help of this ticket I execute a custom authorization if the user is available for the specified action. In addition to this, I create an IPrincipal based on my FormsAuthenticationTicket data in Authorization. After setting this I can reach it with something like HttpContext.Current.User.
On the other hand, in my Web Api project, Basic authentication is needed for all requests. There is a login action where the user needs to send LoginName and Password in order to get a token that is going to be used for future requests. Once the token is retrieved by the client, the client adds a ?token parameter at the end of the query string. When the request reaches the Web Api, it enters my CustomAuthorizationAttribute and again checks if the user is eligible for that request. Moreover, I set Thread.CurrentPrincipal and HttpContext.Current.User to an IPrincipal object which is determined by the token.
So far, so good. The problem starts here. I wanted to put SignalR into my Presentation.WebApi project. As far as I understand, OWIN is on top of all of MVC and WebApi; thus, we don't need to have an authentication system if we already have one. So the first question is: how can I create authorization over this SignalR? I get the Context.User (IPrincipal) naturally null. It seems OK because in my Web Api the IPrincipal object was set per request in CustomAuthorizationAttribute. Moreover, how can I authorize a user coming from Presentation.MVC? Should I provide a new method for the MVC user that provides a token to him? May I use its FormsAuthenticationTicket data in order to authorize him?