Votive Votive - 8 months ago 30
ASP.NET (C#) Question

How can I use ASP.net Identity with a 3rd Party REST service for authentication?

I have an existing combined ASP.net MVC and WebAPI website that uses the standard

classes to perform authentication using the Entity Framework. I now need to 'swap out' that authentication and use an external 3rd party REST web service to do authentication and to store and update user details.

The 3rd party web service has a simple
endpoint that takes a username and password, and it returns a token if the login was successful.

I'd like if possible, to continue using the ASP.net Identity
table to manage the roles for a user once he/she is logged in.

What's the best approach for implementing this scenario? I originally considered writing a custom
but that assumes I have access to password hashes, which I don't. I can only log in and update the password using 3rd party API endpoints, I don't have access to the database user tables directly.


To answer my own question, in the end I handled this in my ApplicationUserManager class. I overrode the FindAsync method and validated the credentials there by calling through to the 3rd party web service. That returned a session token to be used to call other endpoints.

I stored the session token in the user ClaimIdentity within another overriden method--CreateIdentityAsync. This session token can then be read out of the bearer token on subsequent WebAPI calls.

This technique works for both WebAPI and Website logins, and can if necessary fall back to the UserManager to valid the user's credentials using EF if the user does not have credentials stored in the 3rd party service.