Geek Answers Handbook

ASP.NET 5 (vNext) / API / OAuth / OpenID / Tokens / Cookies / What do I really need?

I have an existing project that I am looking for to migrate to ASP.NET 5.

This is currently a simple ASP.NET Web Forms project that references two DLLs:

  • Domain.dll containing all the business logic
  • Data.dll containing all data access code

Usually I don’t need to touch the two DLLs that are currently working fine. Now I would like to replace the ASP.NET Web Forms project with two new components:

  • External SPA with angular2
  • Web API with ASP.NET 5 (vNext)

I played with the templates available in VS2015, I also read everything I could about authentication, and I have to say that now I'm even more confused about what I really need ... :(

Do I need MVC in my internal API? All examples are executed using ASP.NET MVC, but if I have a fully working SPA interface, I just don’t need a simple RESTful service?

What do I need for authentication? Do I need ASP.NET authentication? Is Identity a new version of the old membership? Does he care about making tokens? I already have a production database with all my users and hashed passwords. My assembly of Domain.dll also has all the necessary code to verify user credentials.

What do I need if I want to allow other login services like Google or Facebook? I created several web applications using both ASP.NET 4.5 and ASP.NET 5 templates to see how everything is done, but where confusion worsened. The ASP.NET 4.5 template uses Owin stuff (which I am not familiar with), and the ASP.NET 5 template does not.

Ideally, here I would like: I would like to create a web API project with a minimum number of dependencies, I would like to avoid using sessions and cookies, and I would like to be able to use Google and Facebook services to log in.

Thanks!

+6
source share
1 answer

I will say that ... it sounds like a complete rewrite.

Release your glasses ...

Do I need MVC in my internal API?

In ASP.NET 5 , we no longer have MVC and WebAPI. They are both very similar in terms and merged. It's all about what you return. If you return the IActionResult character, it will beat in Razor and ViewEngines. If you return the object, it will attempt to serialize your object based on the HTTP headers (which is what WebApi does).

Don't I need a simple RESTful service?

If you have a full app for your Angular SPA app? Yeah. This is all you need, and all this MVC thing is optional. You just need to create a web api. Here we have a good tutorial on how to do this.

What do I need for authentication?

I would highly recommend SSO. This reduces the need to re-implement authentication yourself. If you are more of a public app, try supporting Facebook / Twitter / Google. If this is a business application, Azure AD can do the job, but at this point it depends on what your client has ... it may not be the best solution.

Do I need ASP.NET authentication?

No, but for ASP.NET 5 / MVC6 is this the only thing that exists right now, right now? Yes, you are all, but the whole ASP.NET system is designed to be replaced in every place of the system. Identity does not use the old membership system. It uses claims and that is a completely different subject.

Identity will take care of everything you need to authenticate each request (tokens, etc.). Good news? It supports Facebook, Google and many others.

More here

Basically, ASP.NET 5 is a huge pipeline with dependency injection as a first-class citizen. Adding an item to a pipeline makes them available to those who later have a pipeline.

This pipeline is configured in Startup.cs and is divided into 2 steps. ConfigureServices , where dependency injection is located, and Configure , where the actual pipeline elements are added. Want to replace the default recorder? ConfigureServices. Want to add an item to the pipeline? Customization.

What is that really!

Recommended reading:

+14
source

More articles:


All Articles