In this second part we will start adding an endpoint for authentication to our web API.

To do this we need to add a new controller. We will add an empty API controller and call it AccountsController.

We will use dependency injection to add a UserManager, a SignInManager and an ILogger instance.

We also create a new model class to pass login information to our authentication method.

Last but not least, we will add our authentication method to the Accounts controller as an HTTP POST method.

We will allow anonymous access to this endpoint of course.

Calling the Authenticate method using HTTP POST with the following data in the body

will return a status 200 and also an application cookie to be used for authentication.

After that we should be able to call our method on the values controller that we decorated with the Authorize attribute.

Now we will add another endpoint to the Accounts controller that will allow us to add new users to the system.

This will be another HTTP POST method that will only be allowed for users that are part of the Administrator role.

In some systems you may want to allow anonymous access if users can register themselves in the system.

First we create a model for the registration data

and then we add the Register method to the AccountsController

To allow access only by users belonging to the Administrator role, we decorate the method with the Authorize attribute and assign the Roles.

After validating the model we create a new user and return either success or the error information.

Next, let's add an endpoint to allow the user to change his or her password.

This will allow the user to change the password. The old password has to be known to make the change.

But what if an administrator needs to change the password for a user without having access to the old password?

In order to handle that requirement we add another endpoint called ChangePasswordForUser, only accessible to users in the Administrator role.
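One way to write the ChangePasswordForUser endpoint described above, as an added example rather than the original post's code. It assumes the stock `IdentityUser` type, a hypothetical `ChangePasswordForUserModel`, the route shown, and that token providers are registered (for example with `AddDefaultTokenProviders()`).

```csharp
using System.ComponentModel.DataAnnotations;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;

// Hypothetical request model; the property names are assumptions.
public class ChangePasswordForUserModel
{
    [Required] public string UserName { get; set; } = "";
    [Required] public string NewPassword { get; set; } = "";
}

[ApiController]                       // invalid models are rejected with 400 automatically
[Route("api/[controller]")]
public class AccountsController : ControllerBase
{
    private readonly UserManager<IdentityUser> _userManager;
    private readonly ILogger<AccountsController> _logger;

    public AccountsController(UserManager<IdentityUser> userManager,
                              ILogger<AccountsController> logger)
    {
        _userManager = userManager;
        _logger = logger;
    }

    [HttpPost("ChangePasswordForUser")]
    [Authorize(Roles = "Administrator")]   // only members of the Administrator role
    public async Task<IActionResult> ChangePasswordForUser(ChangePasswordForUserModel model)
    {
        var user = await _userManager.FindByNameAsync(model.UserName);
        if (user == null) return NotFound();

        // The old password is not known, so issue a reset token and use it at once.
        // ResetPasswordAsync still runs the configured password validators.
        var token = await _userManager.GeneratePasswordResetTokenAsync(user);
        var result = await _userManager.ResetPasswordAsync(user, token, model.NewPassword);
        if (!result.Succeeded) return BadRequest(result.Errors);

        // Audit trail: record who reset whose password, never the password itself.
        _logger.LogWarning("Password for {Target} reset by administrator {Admin}",
                           user.UserName, User.Identity?.Name);
        return Ok();
    }
}
```

Going through the reset token keeps the password policy in force for administrator-set passwords, and the log entry gives a record to review if a reset is later disputed.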

This concludes part 2 of this series. In Part 3 we will be looking into additional features for the account management.

Michael Salzlechner is the CEO of StarZen Technologies, Inc.

He was part of the Windows Team at Data Access Worldwide that created the DataFlex for Windows product before joining StarZen Technologies. StarZen Technologies provides consulting services as well as custom application development and third-party products.