Authentication/Authorization between projects?
I have a webforms site that uses a mix of codebehind and javascript to POST/GET data from a separate WebAPI project. The site and webAPI are separate but run in the same IIS... but are also load balanced between 3 instances.
Currently when a user logs in with the right user/pass, they're granted a token that gets stored in a database, and every time they make any sort of API request I require that token to be passed, and look it back up in the DB over and over before serving them anything.
Is there a better way to authorize API calls for my users that doesn't require me to do a round trip to the database every time? I was thinking of caching their token for X hours, but that wouldn't work behind a load balancer. I was considering putting my webforms site onto Forms Authentication to handle logins themselves, but then I'm not sure how that would extend to another separate site (the webAPI) or how it'd extend to API calls I'm making through jquery client-side for them.
0 comments:
Post a Comment