In my setup I have three applications running on three different domains:
- idsrv.mydomain.com - Thinktecture IdentityServer
- api.mydomain.com - a RESTful API implemented using ASP.NET Web API
- app.mydomain.com - a lightweight HTML/JavaScript application
I would like the user to log in to app.mydomain.com, and the JavaScript AJAX calls to go to api.mydomain.com.
I have enabled federated authentication on both api.mydomain and app.mydomain, and switched to JWT tokens in IdentityServer as described here. I have also enabled CORS on the API.
Now I can log in to app.mydomain.com and see the initial page, but the AJAX requests going to the API are not authenticated, so the calls to the API still fail. The problem is I have no idea where to go from here. I realize that I have to get the token that was passed to app.mydomain.com, make it available to the JavaScript on that page, and send it along with each request to my API, but I don't know how to get the token or how to send it to the API. Any help would be appreciated.
Thanks
Check the sample given by the author: MVC and Web API (JWT).
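
An added example, not part of the question or answer above and not code from the IdentityServer samples: one way the page's JavaScript can send the JWT to the API in an `Authorization: Bearer` header while refusing to attach it to any other origin. It assumes the API is configured to accept the JWT as a bearer token; the `https://` scheme, the function names, the `/orders/1` path in the test and the sample token are assumptions, and how the token is handed to the page is left to the app.

```javascript
// Added example. API_ORIGIN's host is from the question; the https scheme,
// the function names and the path used below are assumptions.
const API_ORIGIN = "https://api.mydomain.com";

// Constructed placeholder in compact JWT shape (header.payload.signature).
const SAMPLE_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0In0.c2ln";

// Shape check only: three non-empty base64url segments. The API still has
// to validate signature, issuer, audience and expiry on every request.
function looksLikeJwt(token) {
  return typeof token === "string" &&
    /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/.test(token);
}

// Build the URL and fetch() options for one API call.
function buildApiRequest(path, token, init = {}) {
  // Resolve against the API origin, then verify the result did not escape
  // it (absolute URLs and "//host/..." paths would otherwise leak the token).
  const url = new URL(path, API_ORIGIN);
  if (url.origin !== API_ORIGIN) {
    throw new Error("refusing to send token to " + url.origin);
  }
  if (!looksLikeJwt(token)) {
    throw new Error("token is not a compact JWT");
  }
  const headers = Object.assign({}, init.headers, {
    Authorization: "Bearer " + token,
  });
  // credentials: "omit" keeps cookies out of the cross-origin call, so the
  // bearer token is the only credential the API sees.
  const options = Object.assign({}, init, { headers, credentials: "omit" });
  return { url: url.href, options };
}

// Perform the call; a 401 means the API did not accept the token.
async function callApi(path, token, init) {
  const { url, options } = buildApiRequest(path, token, init);
  const res = await fetch(url, options);
  if (res.status === 401) {
    throw new Error("API rejected the token");
  }
  return res.json();
}
```

Because `Authorization` is not a CORS-safelisted request header, the browser sends a preflight `OPTIONS` request first, so the API's CORS policy has to allow that header for the `app.mydomain.com` origin.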