Hello everybody,
I have a WEBAPI REST Service (which is kind of a middle layer) wich authenticates on another service (WCF Service) with username and password and gets it's data from there.
Since my WebAPI is a REST Service, it is stateless. In my opinion this means that every servicecall from my Phone to the WEBAPI leads to a new authentication process from my WebAPI on the WCF-Service. Right so far?
Now how could this be done? Do I have to send the username/password combination every time from my phone to my WebAPI, so that the webAPI can authenticate on the other WCFService?
Or is the recommended way to kind of map the authentication-token (which would not have to contain username and password then) to a username/password combination on the WebAPI Service?
I could not find a simple solution for this. Does anybody have an idea? I would need a simple example of client-side and server-side code for understanding how this could be done.
My thougts were:
- Send username and password from phone to WebAPI
- Send authentication token back to phone
- Call another WebApi - RESTService from phone and send authentication token in header
- ?? How do I validate this token on the WebAPI Service and how do I connect it to a user?
Could anyone write a simple piece of dummy-code?
Thank you very much!