Logging into .NET from Overwolf

Any advice on logging into .NET from Overwolf? I am using Identity and am sending the username and password from the app to a method in my controller, but the SignInManager just won't work.

The functionality does work when the application is run and the login is tried without Overwolf, so I know the functionality does work.

I am just looking for some best practices on making this connection and logging in.

Code I am using for the sign in:

    public async System.Threading.Tasks.Task<bool> OverwolfTestConnectAsync(string email, string password)
    {
        // Password sign-in: no persistent cookie, account lockout disabled
        var result = await SignInManager.PasswordSignInAsync(email, password, false, shouldLockout: false);

        switch (result)
        {
            case SignInStatus.Success:
                return true;
            case SignInStatus.Failure:
            default:
                // Any other status is treated as a failed login
                return false;
        }
    }



I will check the issue and update you soon.


An Overwolf app runs from the overwolf-extension:// protocol, which might be blocked by your .NET library (which might expect it to come from https).
The best way to achieve login is by taking the user to their default browser and (with a pubsub or polling the server) have the app take focus when the login is complete.
Another option is to open a new Overwolf window that redirects to an https page for the login, and, upon success, redirects back to a local overwolf-extension:// page with the token as a url parameter.
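
The first flow in the reply above (log in through the default browser, then poll the server), as an added example that is not part of the original thread. The endpoint paths, JSON field names, `AUTH_ORIGIN` and the injected `deps` helpers are hypothetical; the password is typed only on the HTTPS page in the browser, and the token comes back in a response body rather than a URL.

```javascript
// Added example: endpoint paths and JSON field names below are hypothetical.
const AUTH_ORIGIN = "https://auth.example.com"; // placeholder HTTPS origin

async function postJson(fetchFn, path, body) {
  const res = await fetchFn(AUTH_ORIGIN + path, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify(body), // secrets go in the body, never the query string
  });
  if (!res.ok) throw new Error(`auth server returned ${res.status}`);
  return res.json();
}

// deps.fetch:   window.fetch inside the app
// deps.openUrl: e.g. url => overwolf.utils.openUrlInDefaultBrowser(url)
// deps.sleep:   ms => new Promise(resolve => setTimeout(resolve, ms))
async function loginViaBrowser(deps, { intervalMs = 2000, timeoutMs = 120000 } = {}) {
  // 1. The server creates a pending login and returns a browser URL plus a
  //    poll secret that only this app instance holds.
  const { loginUrl, pollSecret } = await postJson(deps.fetch, "/login-requests", {});

  // Only hand the expected HTTPS origin to the user's browser.
  if (new URL(loginUrl).origin !== AUTH_ORIGIN) throw new Error("unexpected login URL");
  deps.openUrl(loginUrl);

  // 2. Poll until the user finishes in the browser or the attempt times out.
  for (let waited = 0; waited < timeoutMs; waited += intervalMs) {
    await deps.sleep(intervalMs);
    const r = await postJson(deps.fetch, "/login-requests/poll", { pollSecret });
    if (r.status === "complete") return r.token; // JWT arrives in the response body
    if (r.status !== "pending") throw new Error(`login ${r.status}`);
  }
  throw new Error("login timed out");
}
```

On the server side, the poll secret should be single-use and short-lived so a completed login cannot be claimed twice.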

I created a webAPI to allow for login and plan to send the token back from the POST request in this. I am using CORS for security on the WebAPI, and once the app is deployed, the calls will be auto-encoded so the password won't show up in the URL? I plan to deploy with HTTPS.

I am going to use jwt to achieve this token auth.

So the flow is like this:

Overwolf App > [email + password] > WebAPI > WebApp > WebAPI > [token + successCode] > Overwolf App

Do you think this is a good way to go about it? I have never done anything like this before in a secure way :S

This is a possibility - just make sure your server sees it as coming from an https origin (using fetch should work).
I don’t think this is the best way of going about it - since your users would feel safer doing it via their default browser (which is the flow I mentioned above).

Ah right, ok I will implement it in the way you have mentioned. Thanks for the advice!
