1

Suppose we have an application with multiple layers in .Net:

  • Domain layer (entities)
  • Data access layer (entity framework)
  • Business layer
  • Web Services layer (Web Api)
  • Presentation layer (MVC)

Now I want to add token authentication for web services layer. The usual recomendation is to use a standar login/authentication implementation (libs, frameworks) and don't code it, so I want to use ASP .Net Identity token authentication. How I should do it?

I should put Asp .Net Identity in a class library? Create the tokens in business layer?

gnat
20.5k29 gold badges117 silver badges308 bronze badges
asked Feb 24, 2016 at 13:40

1 Answer 1

1

Do not create tokens in the business layer unless your company's business is security. It can either be its own project or part of the web api. The web api is, after all, the trust border for the application, and the tokens are likely translated (by web api) into user objects for your other layers.

Ideally, you shouldn't handling this in your own code at all. But instead, use a separate token service (like IdentityServer3). However, that does create more integration work, CORS concerns, etc.

answered Jun 14, 2016 at 22:07

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.