In this post I will show you how to authenticate an application to an ASP.NET MVC web site that uses forms authentication. This sounds a bit weird, but as I found out on the web, this is a fairly common thing to do these days.
The most common scenario where people want to do this is, is when they want to consume an ASP.NET MVC web site as if it was a Web API, to get resources that are already in place and are accessible thru controller’s actions.
There is couple of ways of doing this, and it is pretty easy until you need to authenticate the request in order to get those resources.
The web site we are working on uses Forms Authentication, this means that when a request arrives, the ASP.NET infrastructure is going to see if this request is authenticated or not, if is not, it will redirect the request to the login page. While this works fine for web pages, is not so good for APIs. Down below I’ll show how to authenticate a client to a login page using the HttpClient class.
* note: I'm assuming that you 're familiar with the with the "internet app templete" that comes with asp.net mvc 4.0, If not, grab the sample project from this post and take a look at the AccountController class.
This is how you can authenticate a request that otherwise it would be redirected to a login page.
Once you have done that, you have client that can issue authenticated requests to your website.
* note that I’m using the same HttpClient instance that executed the login request. If you don’t do it this way, it won’t work at all.
You can get the sample app from github https://github.com/amiralles/http-client-forms-auth
The repository contains a solution with two projects, an ASP.NET MCV 4 web site and a console app that consume the web site as if it was an API.
The web site it's also published on Windows Azure, so you can test the code in an environment other than localhost. Just change this line in the console app config.