Identity server ,web Api and Client in the same project, force Web APi to use Token instead of cookie

[learntecno]

Hi joeaudette, In my Project I have to host auth Server , Web API in the same project or host, since cookie is enable for AuthServer ,How do I force the Web API to use only Tokens and not cookie. Thanks,

[joeaudette]

I "think" in asp.net core 1.x you could do that as long as all your apis start with /api, you could branch the middleware with app.UseWhen. This question on stackoverlfow looks like it has a working example but the answer is in the question, he updated it based on comments: https://stackoverflow.com/questions/45549067/how-to-use-jwt-for-asp-net-core-apis-and-cookies-for-mvc-separately

but that answer looks like asp.net core 1.x code, now in 2.0 things are a lot different, app.UseJwtBearerAuthentication is now obsolete so I am not sure off the top of my head.

I think a good place to ask that question is on this issue: https://github.com/aspnet/Security/issues/1338

[learntecno]

Thank you! @joeaudette

[joeaudette]

@learntecno did you find a solution? if so can you share it?

[learntecno]

The easiest way is to use Authorize attribute by passing the schema(Bearer) in the Web API. (we don't need to control in the startup, we can have both Cookie and Token provider)