Question

I am creating a Web API service for an application with a single tenant database. Each company will have its own database strictly controlled and created by us. I am aware of the maintenance implications of single-tenant databases compared to multi-tenant and we feel single-tenant best fits our needs. Users will be created by us only.

There will be a master database to "map" each user to their company database when authenticating based on only their username (email address). If there is a match on email the authentication will then continue within the client's company database which will contain the password hash.

This leaves the databases self contained which is needed for foreign keys for audit records. The master database simply acts as a mapping or routing based on username (email address).

I created a new Web API project and used the Individual Accounts template. I like the way it works but unfortunately I don't see how I can customize this enough to accommodate for my needs. Would this be possible? I need to use tokens. The only other alternative I can think of is a completely custom authentication procedure but security is not something I want to take lightly as I'm sure I will mess up somewhere along the line. I am aware that the user passes its username and password over SSL to the server which responds with a token which then gets included in the header of each subsequent request to an authorized resource. I just need to know if this is something I will have to completely implement myself? This whole thing may just be a silly model for an application in which case I am open to suggestions.

Any feedback would be helpful.

Thanks


Solution

After lots of searching I finally found the type of solution I was looking for. Dominick from Thinktecture has a blog post which details a nice embedded token authorization method which I can now extend upon. This is exactly the type of solution I was looking for as it is extremely simple.

Embedding a simple Username/Password Authorization Server in Web API v2
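As an added example (not code from the question, the answer, or the Thinktecture post), the following shows how the master-to-tenant routing described in the question can be plugged into the OWIN OAuth2 resource-owner-password flow that the linked post builds on, by overriding `OAuthAuthorizationServerProvider` in a Web API v2 project. `IMasterDirectory`, `ITenantUserStore`, `StoredPassword`, `EfMasterDirectory`, `EfTenantUserStore` and the claim type `urn:tenant:id` are assumed names for the application's own data access and are not part of any library. Two points matter for security here: the error returned for an unknown e-mail is identical to the one for a wrong password and costs the same PBKDF2 work, so the `/token` endpoint does not let callers enumerate which addresses exist in the master database; and the tenant is decided server-side and carried inside the protected bearer token, so later requests route on that claim rather than on anything the client sends.

```csharp
using System;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;

// Hypothetical data-access contracts wrapping the master and per-company
// databases described in the question (names assumed for this example).
public interface IMasterDirectory
{
    string FindTenantId(string email);            // null when the e-mail is unknown
}

public interface ITenantUserStore
{
    StoredPassword Find(string tenantId, string email); // null when not in that company DB
}

public sealed class StoredPassword
{
    public byte[] Salt;
    public byte[] Hash;
    public int Iterations;
}

public static class Pbkdf2
{
    public const int DefaultIterations = 100000;

    public static StoredPassword Create(string password)
    {
        var salt = new byte[16];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(salt);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, DefaultIterations))
            return new StoredPassword { Salt = salt, Hash = kdf.GetBytes(32), Iterations = DefaultIterations };
    }

    public static bool Verify(string password, StoredPassword stored)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, stored.Salt, stored.Iterations))
            return FixedTimeEquals(kdf.GetBytes(stored.Hash.Length), stored.Hash);
    }

    // Constant-time comparison; .NET Framework has no built-in equivalent.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

public sealed class TenantRoutingProvider : OAuthAuthorizationServerProvider
{
    // Fixed record verified against when the user is unknown, so that an unknown
    // e-mail costs the same KDF work as a real one and timing does not leak it.
    private static readonly StoredPassword Dummy = Pbkdf2.Create("not-a-real-password");

    private readonly IMasterDirectory _master;
    private readonly ITenantUserStore _users;

    public TenantRoutingProvider(IMasterDirectory master, ITenantUserStore users)
    {
        _master = master;
        _users = users;
    }

    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated(); // single first-party client; no client secret to check
        return Task.FromResult(0);
    }

    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        // Step 1: master database maps the e-mail to a tenant.
        string tenantId = _master.FindTenantId(context.UserName);
        // Step 2: the password hash lives only in that tenant's database.
        StoredPassword stored = tenantId == null ? null : _users.Find(tenantId, context.UserName);

        // Always run the KDF, then return one generic error for every failure.
        bool passwordOk = Pbkdf2.Verify(context.Password, stored ?? Dummy);
        if (stored == null || !passwordOk)
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return Task.FromResult(0);
        }

        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        identity.AddClaim(new Claim("urn:tenant:id", tenantId)); // server-chosen, inside the token
        context.Validated(identity);
        return Task.FromResult(0);
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/token"),
            Provider = new TenantRoutingProvider(new EfMasterDirectory(), new EfTenantUserStore()), // assumed impls
            AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30),
            AllowInsecureHttp = false // credentials and tokens only over TLS
        });
        // Validates the bearer token on every later request and rebuilds the ClaimsIdentity.
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }
}
```

The client posts `grant_type=password&username=...&password=...` to `/token` and sends the returned value as `Authorization: Bearer <token>` afterwards. In a controller, `((ClaimsIdentity)User.Identity).FindFirst("urn:tenant:id")` then gives the tenant to open the company database for, and because the OWIN server protects the ticket with the host's data-protection provider, that claim cannot be altered by the client. The dummy verification only equalises the KDF cost; if the master lookup and the tenant lookup differ noticeably in latency, measure the two paths rather than assuming they are indistinguishable.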

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow