不记名令牌MVC 5的Web API登录 [英] MVC 5 Web API Login without Bearer Token
问题描述
长话短说。我在每一个页面的标题中的登录表单,当我登录成功它工作正常,但是当用户不正确,例如它重定向到默认的登录页面与模型(即最初是MVC项目创建的视图)错误。我不想这样做,我想表明的错误旁边的登录表单不重定向。所以,我决定实现通过Web API登录 - 即它 $阿贾克斯 jQuery的请求登录API控制器,试图以登录用户,如果需要,那么我会返回错误可以输出他们,我想。
Long story short. I have a login form in the header on every single page, when I log in successfully it works fine but when the user is incorrect for example it redirects to the default login page (a view that was originally created with MVC project) with the model errors. I don't want to do that, I want to show errors next to the login form without redirecting. So I decided to implement a login via WEB API - i.e. it does $.ajax jQuery request to the Login API Controller, tries to log user in and returns errors if needed so I can output them where I want.
我见过的所有例子说,使用承载访问令牌。我不明白为什么我需要走这条道路 - 保存令牌的地方,并通过它与集管的每一个请求一起?这就是我在登录API控制器所做的:
All examples I've seen say to use Bearer Access Token. I don't understand why would I need to go this path - save the token somewhere and pass it along with every single request in the headers? That's what I did in my Login API Controller:
var user = await UserManager.FindAsync(model.UserName, model.Password);
if (user != null)
{
Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie);
var identity = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
Authentication.SignIn(new AuthenticationProperties() { IsPersistent = false }, identity);
}
else
{
error = "Invalid username or password.";
}
这是当你创建MVC5项目,是现成可用的相同的功能。我刚刚搬到从常规控制器API控制器。和它的作品,而不需要采取一些无记名的访问令牌的照顾。什么是它的点,如果你可以只是做像我一样?我认为它只是使请求更复杂,当你使用承载令牌。我缺少什么?
This is the same functionality that is available out of the box when you create MVC5 project. I just moved it from regular controller to API controller. And it works without needing to take care of some bearer access tokens. What's the point of it if you could just do it like I did? I think it just makes requests more complicated when you use bearer token. Am I missing anything?
推荐答案
据我了解这一点,当你需要与在相同的登录的前端,我们的网站进行身份验证另售的后端承载令牌会更有意义一个通过这样的后端可以看到的要求作为来自同一用户的到来。
As I understand this, the bearer token would make more sense when you need to have a separately available backend authenticated with the same login as the front end we site in a pass through so the back end can "see" the request as coming from the same user.
您可以验证,通过这种方式登录后两者前端网站和后端API发送相同的会话cookie,如果是这样,你是金。如果在不同的领域,你可能有这问题,但否则不是。如果是这样,那么令牌承载给该用户传递到后端可回来发挥作用。
You can verify that after logging in this way both the front end web site and backend api are sending the same session cookie, and if so you are golden. If on different domains, you may have problems with that, but otherwise not. If so, then a bearer token to pass that user to the backend may come back into play.
这篇关于不记名令牌MVC 5的Web API登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
