Hibernating Rhinos

Zero friction databases

Web API 2–the SPA user interface review

I started to look on the sample code of the Single Page Template which uses the Web API 2 and ASP.NET MVC 5 beta and what I see it interesting.

It got a very nice UI implementation, and the authentication options that are built in are great:


Basically, there is an built-in OAuth integrated authentication against Google, Facebook, Twitter and Microsoft, in addition to a classic local authentication feature. This looks very nice.

Let’s try log-in using Google. I pressed the Google button and the page it redirected to the Google login page. After entering my Google account’s credentials, Google asked me whether should it allow localhost to access my data. I’m selecting to accept button:


After pressing on the accept, the page is redirected back to my application and asks my to sign up using the my Google account.


The requirement to specify the user name here seems to indicate that they use username to identify users instead of emails. Personally, I think that websites should ask for an email in order to identify a user. If they did that, the username can be configured later, from the account settings. Also, using my name as the User Name seems strange as user name doesn’t contain a spaces usually. But anyway… we will leave this aside.

I’m pressing on the Sign up button.


The UI seems to be really nice. It all AJAX powered and looks good. I was able to add an item, check it as done, but when I tried to delete it I got a mysterious “Error removing todo item.” error.

Anyway, let’s look more on the authentication options. I’m clicking on my user name, which redirect me to the “Account/Manage” page.


Here I can see that I can specify a password, so I’ll be able to authenticate with a local username. So, let’s set a password.


After doing so, I get a “Password changed” message with an option to change the password. But also note that since I have now two options to log in to the website, it gives me the option to remove one, which is nice.

So it seems that I have all the authentication needs that a website is typically needs built-in, and they seems to work well. In the next post I’ll start to dig into the implementation of this, which has some surprises.

Posted By: Fitzchak Yitzchaki

Published at

Originally posted at


Timothy Walters
08/06/2013 05:37 AM by
Timothy Walters

Regarding your comment of using email to authenticate vs your name, that's not how OAuth works.

To sign in again you just click "Google" again, no username/password at all.

The reason you are asked for your name is not to sign in using it, but instead so the site can show you friendly greetings using your name (e.g. "Welcome back Fitzchak Yitzchaki").

Fitzchak Yitzchaki
08/06/2013 07:13 AM by
Fitzchak Yitzchaki

This is not a display name but a user name, since that two users are not allowed to use the same name. So, because of the uniqueness requirement, I prefer to use an email for that. A display name is entirely something else, that should not be unique at all.

Comments have been closed on this topic.