Authentication related controller for WebApi

[spa5k]

Will it be possible to add Auth related WebApi only controllers for the WebApi variant? No razor pages or stuff, but pure API Controllers in optimal way.

[spa5k]

It's quite problematic if we want to just use it as backend and frontend on separate react/nextjs elsewhere. Microsoft Documentation is really lacking on this part, plus I'm rather new to dotnet.

[jasontaylordev]

The approach taken in the template is based on the standard SPA templates coming in .NET 8; https://devblogs.microsoft.com/dotnet/asp-net-core-updates-in-dotnet-8-preview-5/#authentication-and-authorization. This helps to reduce the complexity of the template, since I don't need to build anything to support security and identity.

The documentation relating to security and identity hasn't been updated for .NET 8. When it is released, you will find the documentation here; https://learn.microsoft.com/en-us/aspnet/core/security/?view=aspnetcore-8.0.

If you want to try logging into ASP.NET Core Identity using .http files, try adding the following requests to the existing WebApi.http file:

# For more info on HTTP files go to https://aka.ms/vs/httpfile
@WebUI_HostAddress = https://localhost:5001
@AuthCookieName = .AspNetCore.Identity.Application
@AuthCookieValue = <AuthCookieValue>

# GET Identity Account Login
# Useful to get the @RequestVerificationToken necessary for logging in.
GET {{WebApi_HostAddress}}/Identity/Account/Login

###

# POST Identity Account Login
# Useful to get the @AuthCookieValue necessary for authenticating requests.
@Email=administrator@localhost
@Password=Administrator1!
@RequestVerificationToken=<RequestVerificationToken>
POST {{WebApi_HostAddress}}/Identity/Account/Login
Content-Type: application/x-www-form-urlencoded

Input.Email={{Email}}&Input.Password={{Password}}&__RequestVerificationToken={{RequestVerificationToken}}

###

# GET WeatherForecast
GET {{WebUI_HostAddress}}/api/weatherforecast
Cookie: {{AuthCookieName}}={{AuthCookieValue}}

###

The goal of the template is to demonstrate the simplest approach to Clean Architecture with ASP.NET Core. If anyone has suggestions on how I can make security and identity simpler, please let me know. ❤️

[jasontaylordev]

Will it be possible to add Auth related WebApi only controllers for the WebApi variant? No razor pages or stuff, but pure API Controllers in optimal way.

The latest PR does exactly that for the API template; #939. 💥