5

I have a legacy ASP.NET webforms application in which users log in via a form that is processed server-side. If the entered username + password match credentials in the database, I set some values in the session (e.g., the current user ID) and perform a Response.Redirect afterwards. I'm also creating an HttpCookie for an "automatically relog me next time I visit" functionality.

Currently, I'm also adding WebApi support into that web application. I've managed to implement token authentication which allows me to login on the client side.

How can I combine both authentication approaches? I want the user to enter his credentials once, get authenticated on the server side and on the client side, and be redirected to another page after authenticating.

citronas
  • 2
    Can you please elaborate on what you want to achieve? Which authentication method would the user use to authenticate once, and how is that related to the other method? Do you want your user to authenticate via forms and then be able to use the token-based webAPI? (Also how does the cookie for automatic relogin work? That sounds like a vulnerability to me, but obviously I don't know the details.) – Gabor Lengyel May 29 '17 at 23:12
  • See https://stackoverflow.com/questions/549/the-definitive-guide-to-form-based-website-authentication?rq=1 – s3raph86 Jun 02 '17 at 03:53

2 Answers

0

The following code will create a cookie to keep the user logged in.

// login etc
        if (chkRemember.Checked)
        {
            // calculate the total number of minutes in 30 days to use as the timeout.
            int timeout = (int)TimeSpan.FromDays(30).TotalMinutes;

            // create a persistent authentication ticket for this user
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(txtUserName.Text, true, timeout);

            // encrypt the ticket (protected with the application's machineKey settings)
            string encryptedTicket = FormsAuthentication.Encrypt(ticket);

            // create the cookie for the ticket, and put the ticket inside
            HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

            // give cookie and ticket the same expiration
            cookie.Expires = ticket.Expiration;

            // keep the ticket out of reach of client-side script, and honour the
            // requireSSL setting of the <forms> element so it is only sent over HTTPS
            cookie.HttpOnly = true;
            cookie.Secure = FormsAuthentication.RequireSSL;

            // attach the cookie to the current response. It will now go to the client and then back to the web server with every request
            HttpContext.Current.Response.Cookies.Set(cookie);

            // send the user to the originally requested page.
            string requestedPage = FormsAuthentication.GetRedirectUrl(txtUserName.Text, false);
            Response.Redirect(requestedPage, true);
        }
        else
        {
            // login without saving cookie to client
            FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, false);
        }
M_Griffiths
-1

You can use token-based authentication in WebApi using AngularJS. Visit the following link: http://www.dotnetcurry.com/aspnet/1223/secure-aspnet-web-api-using-tokens-owin-angularjs

Ravikumar