I wondered if anyone could suggest the best way to go about providing a web service which shares the same authentication process as the web site (sharing the same webapp).
Basically I have a Controller which uses a UserIdentity to authenticate and authorize, and I was hoping to extend this class to provide similar actions (services) for SOAP users.
So the first “service” I guess would be to Login, and I assume I would somehow need to return a session id in the (successful) response. I’m not sure how I would use the session id along with the UserIdentity class to authenticate each time the user makes a service req…
All this stuff is done automatically with browser-webapp communication using cookie data. I’m not sure if I am making a mistake in trying to use this stateless architecture in such a way; if it is not advised, then the user could simply supply login data with each req.
I have seen services online which use the method of returning a SESSION_ID after authentication. I think it is possible with PHP but I don’t know how to incorporate this into the work I am doing with this framework.
I am facing the same issue. Token-based authentication or cookie-based authentication doesn’t work anymore. I have to pass username and password in each request for handling all protected actions.
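The login-then-session-id flow asked about in the first post, as an added example in plain PHP; it is not code from either poster or from the framework. `SessionService` and its arrays are hypothetical stand-ins for the user table and a session store shared across requests, and the sample account is constructed.

```php
<?php
// Added example: hypothetical SessionService, not framework code.
final class SessionService
{
    private const TTL = 900; // seconds of inactivity before an id expires

    private array $users;          // username => password_hash() output
    private array $sessions = [];  // sha256(session id) => [user, expires]

    public function __construct(array $users)
    {
        $this->users = $users;
    }

    // "Login" operation: returns a session id on success, null on failure.
    public function login(string $username, string $password): ?string
    {
        $hash = $this->users[$username] ?? null;
        if ($hash === null || !password_verify($password, $hash)) {
            return null;
        }
        $sid = bin2hex(random_bytes(32)); // 256-bit unguessable id
        // Keep only a hash, so a leaked store does not yield usable ids.
        $this->sessions[hash('sha256', $sid)] =
            ['user' => $username, 'expires' => time() + self::TTL];
        return $sid;
    }

    // Run at the start of every protected operation with the id the client sent.
    public function authenticate(string $sid): ?string
    {
        $key = hash('sha256', $sid);
        $rec = $this->sessions[$key] ?? null;
        if ($rec === null || $rec['expires'] < time()) {
            unset($this->sessions[$key]); // unknown or expired id
            return null;
        }
        $this->sessions[$key]['expires'] = time() + self::TTL; // sliding expiry
        return $rec['user'];
    }

    public function logout(string $sid): void
    {
        unset($this->sessions[hash('sha256', $sid)]);
    }
}

// Constructed sample data: one account, then valid, forged and revoked ids.
$svc = new SessionService(['alice' => password_hash('correct horse', PASSWORD_DEFAULT)]);
$sid = $svc->login('alice', 'correct horse');
var_dump($svc->authenticate($sid), $svc->authenticate('forged-id'));
$svc->logout($sid);
var_dump($svc->authenticate($sid));
```

The session id is a bearer credential just like the cookie a browser would send, so it needs the same transport protection as the password it replaces.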