Hi all,
I have been looking through and trying out the various tutorials related to Web API 2 security but have not found what I am looking for (or have not recognised it if I have seen it).
Other than the example on Individual Accounts in Web API found here (http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api), all the examples I have found seem to concentrate on client websites using the external providers (e.g. Microsoft, Facebook, Google etc.) but not passing that authentication on to a Web API service.
What I want to know is the pattern I should follow to allow a user on a client site (A) to log in using one of the external providers and then access the services on a REST service authored using Web API 2 (site B).
Would you, for example, have a database for the client site with a membership database that is used to capture the necessary security tokens? When a user registers on the client, would the client then immediately register that user on the Web API 2 service by POSTing to its api/Register or api/RegisterExternal interface?
With reference to the Individual Accounts in Web API tutorial I mention above, I have tried using Fiddler to POST to the RegisterExternal interface (e.g. URI: http://localhost:port/api/Account/RegisterExternal) passing a Username, but I just get a 401 back. Have I misunderstood how this is supposed to work?
Is there a tutorial or documentation anywhere on how this should be done?
Regards,
Phil