Share via

Verify User Login credentials via web service

John Straumann 21 Reputation points
2023-02-06T15:44:45.78+00:00

Hello all:

I am messing with a web site created with MVC and Individual Accounts for Authorization, so in my DB I have the table AspNetUsers, and in the code the Login method calls:

var result = await SignInManager.PasswordSignInAsync(model.EmailAddress1, model.Password, model.RememberMe, shouldLockout: false);
I am looking into creating a MAUI app for mobile, and wondering if the Authentication can be set up as  Web Service on Azure, so that the AspNetUsers table and Authentication is used for both the web app and the MAUI app? So I need to set up the code in the Webservice to query teh SQL DB, get the User Data from AspNetUsers, and verify the password, I guess against the PasswordHash field. It appears the Project created by Visual Studio includes all kinds of supporting classes that do not work in the Web Service

If so, does anyone know of a tutorial and/or documentation on how to do that? I searched but articles I found seem out of date.

Thanks for any and all input.

John.

Developer technologies .NET .NET MAUI
Developer technologies ASP.NET Other
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Bruce (SqlWork.com) 77,686 Reputation points Volunteer Moderator
    2023-02-06T16:11:42.3+00:00

    you can write web service that call the signin api. with a web site, the code sets a cookie, but this will not work with a Maui app. Typically you would use a bearer (jwt) token instead.

    you don't say which framework you are using. the solution will depend on which framework you are using, but the aspnetusers table suggests the old mvc 3 membership. Hard to even find docs on this anymore. You should really take this opportunity to upgrade to the current identity system. any to add token support, you will need to override the onauthenticate event in global.asax and add support for a bearer token.

  2. AgaveJoe 30,126 Reputation points
    2023-02-06T16:44:45.32+00:00

    REST services typically use a JWT to secure access to resources. The service will have a login action and if the login is successful a JWT is returned. From that point on the client (MAUI app) will send the JWT to the service to gain access. I assume you would use Core for the new service.

    .NET 6.0 - JWT Authentication Tutorial with Example API

    For .NET 4.8, you can take advantage of OWIN authentication libraries

    Web API Token Based Authentication using Microsoft OWIN

    Keep in mind, PasswordSignInAsync, creates an authentication cookie not a JWT. If you decide all logins must go through the new web service then you'll also have to adjust the MVC code and manually create the authentication cookie after a successful login which is also a OWIN library in .NET 4.8. Or use forms authentication.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.