I have a question about authentication / authorization. This is where my application is configured. Appendix 1: ASP.NET MVC application that is used in the browser. Appendix 2: the same functions are served using a hybrid mobile application that uses Ionic + Angular on the client side (application) and ASP.NET Web API on the server side.
Now both applications have the same user base, and both of them need a common authentication / authorization module.
I went through the Internet and found a lot of good articles that explain authentication with each application individually. I understand that I need to use token-based authentication with OWIN middleware.
But I'm not quite sure how to implement a common authentication module for both applications. I plan to have a single hosting for the ASP.NET MVC application and ASP.NET Web API (back end of the application). How can I have a common authentication controller that shares both?
If I host both separately, I will have a separate AccountController for each (obtained from the "Controller" for MVC and obtained from the "ApiController" for WebAPI). But not sure how I can combine this controller with a common authentication module in my solution.
Am I in the right direction with hosting together? Or any other best practice I should follow?
Thanks