可以在ASP.NET Web API和SPA中使用基于cookie的身份验证吗? [英] Is possible to use cookie based authentication with ASP.NET Web API and SPA?

问题描述

我想创建一个基于angularjs前端和ASP.NET Web API的Web应用程序.我需要创建安全的api，但不能在将要实现此Web应用程序的公司服务器上使用基于令牌的身份验证.

I want to create the web application which will be based on angularjs frontend and ASP.NET Web API. I need create the secure api but I can't use the token based authentication on the company's server where will be implemented this web application.

是否可以将基于cookie的身份验证用于SPA和ASP.NET Web API?

Is possible use the cookie based authentication for SPA and ASP.NET Web API?

在这种具有SPA和Web API的情况下，如何在ASP.NET项目上配置基于cookie的身份验证?

How can I configure the cookie based authentication on the ASP.NET project for this scenario where I have the SPA and Web API?

推荐答案

基于后端API应用程序的SPA中当前使用基于令牌的身份验证是为了克服基于cookie的身份验证的局限性，但是既然您决定使用它，则可以使用 OWIN cookieAuthentication中间件，这会很有用. 这是一篇文章，显示如何在Asp.net项目中配置 OWIN cookie身份验证中间件(无论是WebApi还是MVC应用程序).

The TokenBased Authentication is currently used in SPA based on BackEnd API applications is to overcome the limitation of cookiebased authentication But since you have decided to go with it then you can use OWIN cookieAuthentication middleware which will do the needful. Here's an article showing how to configure the OWIN cookie authentication middleware in Asp.net project(No matter if it's WebApi or MVC application).

这篇关于可以在ASP.NET Web API和SPA中使用基于cookie的身份验证吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！