rest - Web API 2 use Windows Authentication for public users


How do I use Windows Authentication in Web API for internal users who are also on the public network? The REST API is public facing and needs to authenticate intranet users as well as internet users. Basically, anybody not on Active Directory won't be able to access it, and one or more AD groups will be authorized.

The REST service at the moment has a security filter to validate the token using an attribute filter.

    using System;
    using System.Net.Http;
    using System.Web.Http;
    using System.Web.Http.Controllers;

    public class RestAuthorizeAttribute : AuthorizeAttribute
    {
        private const string SecurityToken = "token";

        public override void OnAuthorization(HttpActionContext actionContext)
        {
            if (Authorize(actionContext))
            {
                return;
            }

            HandleUnauthorizedRequest(actionContext);
        }

        private bool Authorize(HttpActionContext actionContext)
        {
            try
            {
                HttpRequestMessage request = actionContext.Request;

                // Extract the token from the request. This will work for all.
                // e.g. \api\facilitiles\token\298374u23lknndsjlkfds==
                //      \api\ward\123\token\298374u23lknndsjlkfds==
                string path = request.RequestUri.LocalPath;
                int indexOfToken = path.IndexOf(SecurityToken) + SecurityToken.Length + 1;
                string token = path.Substring(indexOfToken);

                // SecurityManager and IpResolver are the application's own helpers (not shown).
                bool isValid = SecurityManager.IsTokenValid(token, IpResolver.GetIp(request), request.Headers.UserAgent.ToString());
                return isValid;
            }
            catch (Exception ex)
            {
                // Any failure while extracting or validating the token denies access.
                string av = ex.Message;
                return false;
            }
        }
    }

This is applied to specific controllers like this:

    [RestAuthorize]
    [RoutePrefix("api/patient")]
    [EnableCors(origins: "*", headers: "*", methods: "*")]
    public class PatientDetailsController : ApiController
    {
        PatientDetailsRetriever _patientDetailsRetriever;

        // GET: api/patient/meds/personid/{personid}/token/{token}
        [Route("meds/personid/{personid}/token/{token}")]
        [HttpGet]
        public HttpResponseMessage GetMeds(Int64 personId, string token)
        {
            List<Medication> meds;
            .....

The client generates a token that includes the username, password and domain, among other things.

Enabling Windows Authentication in IIS (web.config) is enough to validate local users. But how does this work when the user is outside the network and sends in the credentials?

I have found the answer on this post.

    // Requires: using System.DirectoryServices.AccountManagement;
    // Create a "principal context" - e.g. your domain (could be machine, too)
    using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "yourdomain"))
    {
        // Validate the credentials
        bool isValid = pc.ValidateCredentials("myuser", "mypassword");
    }
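One way to cover both requirements in the question (validating the credentials of a user outside the network, and admitting only certain AD groups), as an added example that is not from the original post: a Web API 2 filter that takes the credentials from an HTTP Basic `Authorization` header over HTTPS rather than from the URL path, where they would end up in server and proxy logs, then calls `ValidateCredentials` and checks group membership. The class name `AdGroupAuthorizeAttribute`, the group name `ApiUsers` and the domain `yourdomain` are assumed placeholders, and the HTTPS check assumes TLS terminates on the web server itself.

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Principal;
using System.Text;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

public class AdGroupAuthorizeAttribute : AuthorizationFilterAttribute // hypothetical name
{
    private const string Domain = "yourdomain";                       // placeholder domain
    private static readonly string[] AllowedGroups = { "ApiUsers" };  // hypothetical AD group
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        HttpRequestMessage request = actionContext.Request;
        var header = request.Headers.Authorization;
        // Only accept credentials sent in the Authorization header over TLS.
        bool ok = request.RequestUri.Scheme == Uri.UriSchemeHttps && header != null
            && "Basic".Equals(header.Scheme, StringComparison.OrdinalIgnoreCase)
            && TryAuthorize(header.Parameter, actionContext);
        if (!ok) actionContext.Response = request.CreateResponse(HttpStatusCode.Unauthorized);
    }
    private static bool TryAuthorize(string basicParameter, HttpActionContext actionContext)
    {
        try
        {
            // The Basic parameter is base64("user:password"); split on the first colon only.
            string raw = Encoding.UTF8.GetString(Convert.FromBase64String(basicParameter ?? ""));
            string[] parts = raw.Split(new[] { ':' }, 2);
            if (parts.Length != 2) return false;
            using (var pc = new PrincipalContext(ContextType.Domain, Domain))
            {
                if (!pc.ValidateCredentials(parts[0], parts[1])) return false;
                using (UserPrincipal user = UserPrincipal.FindByIdentity(pc, parts[0]))
                {
                    if (user == null) return false;
                    // Keep only the groups that are on the allow list (nested groups included).
                    string[] matched = user.GetAuthorizationGroups().Select(g => g.SamAccountName)
                        .Where(n => AllowedGroups.Contains(n, StringComparer.OrdinalIgnoreCase)).ToArray();
                    if (matched.Length == 0) return false;
                    actionContext.RequestContext.Principal = new GenericPrincipal(new GenericIdentity(parts[0], "Basic"), matched);
                    return true;
                }
            }
        }
        catch (Exception) { return false; } // malformed header or directory unreachable: fail closed
    }
}
```

The filter is applied the same way as `[RestAuthorize]`, and because it sets the request principal, `[Authorize(Roles = "...")]` on individual actions can then refer to the matched group names.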
