No Individual User Accounts auth option in ASP.NET Core Web API template

35
votes

I am a bit confused as to why there is no Individual User Accounts authentication option in the latest ASP.NET Core Web API template.

Is it still possible to implement individual user accounts the way that the MVC template does or would it not make sense?

Let's say I am creating a stand-alone web API that is going to have all of my business logic and data layer that accesses the database which has the AspNet Identity tables. I plan on making calls to this API w/ an MVC app.

I know one way of doing this is to create an asp.net MVC app w/ individual user accounts auth and simply build the API right within the MVC app using a controllers/api folder. However, I don't want to do it this way because I want the API to be its own standalone project that can be hosted on a completely different server and accessed by multiple applications, not just an MVC app.

Can someone lead me in the right direction on how authentication typically works in this scenario since there is no template?

2
asp.netasp.net-web-apiasp.net-coreasp.net-identityasp.net-core-webapi
You can copy the relevant bits, but WebAPI and MVC are essentially one single API now. Only difference is that you don't have views and how the default route is configured. For WebAPI you usually don't want individual accounts as by default it has no means of creating accounts (which is built in MVC template). You likely want to use OAuth or OpenID authenticaiton for WebAPI rather than authenticating with username & password. Since ASP.NET Core doesn't offer any OAuth Server middleware anymore, you have to use OpenIddict or IdentServer4 for authorization - Tseng
So Indiviudual accounts are pointless in the WebAPI template - Tseng
@Tseng thanks for the answer. So what I am still not understanding is the following: Lets say my MVC app has a login form. That login form should be sending some sort of ajax request w/ Username and Password to the api for authentication and authorization right? Then the API responds and a cookie or something is set? I just want to make sure I am in the right mindset and on the right path. - Blake Rivell
Looking forward to see more development on this query. - Super Coder
@Tseng you say ASP.NET Core Identity individual accounts templates is pointless in ASP.NET Core WebAPI template since OpenID authentication would be used for WebAPI rather than authenticating with username & password but how can the choice of using WebAPI in the backend dictate user experience in a front end client. I have users that do not want to do not have an OpenId account with any existing OpenId providers, how do they authenticate? They should be able to register with a username and password shouldn't they? - Brian Ogden

2 Answers

10
votes

Individual User Accounts authentication option for the ASP.NET Core Web API is available in .NET Core 2.0 Preview 1.

Unfortunately .NET Core 2.0 Preview 1 isn't available in VS 2017 release.

But you can install Visual Studio 2017 Preview (you can use it side-by-side with VS 2017 stable version) :enter image description here

4
votes

I think you can use IdentityServer4 which allows implementing single sign-on and access control for ASP .NET Core Web APIs using protocols like OpenID Connect and OAuth2. It offers integration with ASP.NET Core Identity and Entity Framework Core.

You will need to install to the following nuget package:

Install-Package IdentityServer4

and add the IdentityServer middleware to the HTTP pipeline:

app.UseIdentityServer();

You can find several quick start samples here or follow this article.