Implement authentication

mariannemyers / slush-marklogic-dotnet

slush generator for an Angular/ASP.NET Core/MarkLogic application

Other

0 stars 0 forks source link

Implement authentication #10

Closed mariannemyers closed 7 years ago

mariannemyers commented 7 years ago

Implement authentication in the middle tier using ASP.NET best practices. See #6 and PR #8 for the original implementation without authentication.

mariannemyers commented 7 years ago

This looks to be the right approach: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/cookie

Here are a few good blogs posts on the topic: http://andrewlock.net/introduction-to-authentication-with-asp-net-core/ http://andrewlock.net/exploring-the-cookieauthenticationmiddleware-in-asp-net-core/

mariannemyers commented 7 years ago

The Cookie Middleware is not needed for this. Follow the same pattern used by the Node version and utilize the Session. Capture the call to /api/user/ in with a request delegate in the application pipeline. On the initial call, pass the credentials to MarkLogic to authenticate the user and then store an the username and an authenticated bool in the Session. On subsequent checks to /api/user/, check the authenticated bool. Thanks for the tips @bluetorch.