Accessing Rest API with a Simple Web Token

Question

I have written REST api using Asp.Net Web.Api.

It is secured using ThinkTecture's Identity Server.

I have written a simple console client that allows the user to enter a username and password. The client then authenticates to the Identity Server with these credentials, gets a token on success, passes the token to my rest api, is authenticated by the api and then gets it's data from the api.

Now I have written an MVC site that consumes the api. What I'm not sure on is how I query the api if I don't have the username and password to get a token? I obviously don't want the user to login each time I want to call the api. Can I do something similar to setting an auth cookie?

Answer 1

Yes you need to cache the token in the client and re-use it whenever you make a request on behalf of the client.