How to allow editing userinfo through WebApi

[marzoukali]

Now i have identityserver v3 and i using AspNetIdentity as user service.

I implementing implicit flow to allow user go to login page to login from mobile application web view and resource owner flow for testing purposes.

I using methods like: AuthenticateLocalAsync(...) and AuthenticateExternalAsync(...) for authenticating local and external users.

and i used AspNetIdentity UserManager for sending confirmation mail, reset password, etc.

For example:

 public async Task<string> GeneratePasswordResetTokenAsync(string userId)
        {
            return await _userManager.GeneratePasswordResetTokenAsync(userId);
        }

        public async Task<IdentityResult> ResetPassword(string userId, string code, string newPassword)
        {
            Entities.User user = _userManager.Users.Where(u => u.Id == userId).FirstOrDefault();
            return await _userManager.ResetPasswordAsync(userId, code, newPassword);
        }

and i created an MVC Views to handle resetting password and etc.

Every thing fine till now but now i want to create a WebApi endpoint to allow editing user info for example i will create a service method to do:

_userManager.UpdateAsync(user);

and i will create an API endpoint to call it, but now how can i do that or how can i protect this endpoint.

should i send an authorization header with a valid bearer token to this endpoint to allow editing this user or what is the case?

Is it any tutorial or sample on how to do that?

[marzoukali]

any updates ??

[brockallen]

This would be some separate Web API and you could call it from your user service in IdSvr.