{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 混吃等死 的问题《RESTful authentication using ACS》','https://www.manongdao.com/q-721357.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I have a web application written in ASP .NET MVC 3. I'm using ACS for authenticating my users and I defined Google, Windows Live, Yahoo! and Facebook as identity providers.
Now I want to expose a REST API for the application (I want to create an app for WP7). Some of the calls require that the user is authenticated so I thought I should pass a token in the authentication header of the request. What is the best approach to do this with ACS? Is the ACS able to provide me these kind of tokens or am I responsible for writing the code that generates these tokens?
Yes. ACS supports this scenario with "Simple Web Tokens" (SWT). See here, or any of the "released" documentation in ACS. ACS v2, currenlty in labs, has expanded support for WS-Fed, WS-trust, etc (this is what you are using today).
Here's a blog post I wrote with more information for the phone.