Closed mariannemyers closed 7 years ago
This looks to be the right approach: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/cookie
Here are a few good blogs posts on the topic: http://andrewlock.net/introduction-to-authentication-with-asp-net-core/ http://andrewlock.net/exploring-the-cookieauthenticationmiddleware-in-asp-net-core/
The Cookie Middleware is not needed for this. Follow the same pattern used by the Node version and utilize the Session. Capture the call to /api/user/ in with a request delegate in the application pipeline. On the initial call, pass the credentials to MarkLogic to authenticate the user and then store an the username and an authenticated bool in the Session. On subsequent checks to /api/user/, check the authenticated bool. Thanks for the tips @bluetorch.
Implement authentication in the middle tier using ASP.NET best practices. See #6 and PR #8 for the original implementation without authentication.