I have a question about authentication/authorization. Here's my application setup. Application 1: an ASP.NET MVC application which is served through the browser. Application 2: the same functionality is served through a hybrid mobile app, which uses Ionic + AngularJS on the client side (app) and ASP.NET Web API on the server side.

Now, both applications have the same user base and both need a common authentication/authorization module.

I have gone through the internet and found many good articles which explain authentication with each application individually. I am clear up to the point where I need to use token-based authentication with OWIN middleware.

But I am not quite sure how to implement a common authentication module for both applications. I am planning to have a single hosting for the ASP.NET MVC application and the ASP.NET Web API (back-end part of the app). How can I have a common Authentication controller which is shared between both?

If I host both separately, I will have a separate AccountController for each (derived from "Controller" for MVC and derived from "ApiController" for Web API). But I am not sure how I can merge these controllers to have a common authentication module in my solution.

Am I heading in the right direction with hosting both together? Or is there any other best practice I need to follow?

Thanks

Rudey
paresh.bijvani
  • See my answer here: https://stackoverflow.com/questions/26309792/asp-net-identity-in-microservice-architecture/26310977#26310977 – Brendan Green Jun 30 '15 at 22:16
  • I would also like to know how I can make the cookie based authentication from MVC work together with the token based authentication from Web API. – Rudey Apr 13 '16 at 08:02

1 Answer

Make one project that has MVC + API controllers.

MVC controllers will implement cookie-based authentication (they get the auth ticket from the cookie) and will be used to serve your MVC site.

API controllers will implement header-based authentication (they get the auth ticket from the header) and will be the back end of your Angular app.

Both MVC and API controllers will access a class that gets the ticket and implements authentication/authorization logic specific to your needs.

This way you will be able to deploy one web app to one host that serves the MVC site and the Angular app.
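The layout described in this answer, sketched as an OWIN startup configuration; this is an added example, not code from the answer or from the asker's project. It assumes the Microsoft.Owin.Security.Cookies, Microsoft.Owin.Security.OAuth and Microsoft.AspNet.WebApi.Owin packages, and the names `IAccountService`, `TokenProvider` and `AuthConfig`, the `/Token` and `/Account/Login` paths and the 30-minute token lifetime are all hypothetical.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OAuth;
using Owin;

// Hypothetical shared class: the one place that checks credentials and issues claims.
// SignInAsync returns null when the credentials are rejected.
public interface IAccountService { Task<ClaimsIdentity> SignInAsync(string user, string password, string authType); }

// Token endpoint for the mobile app; it delegates to the same shared class as the MVC login action.
public class TokenProvider : OAuthAuthorizationServerProvider
{
    private readonly IAccountService _accounts;
    public TokenProvider(IAccountService accounts) { _accounts = accounts; }

    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated(); // public client (mobile app), no client secret
        return Task.FromResult(0);
    }

    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        var identity = await _accounts.SignInAsync(context.UserName, context.Password, OAuthDefaults.AuthenticationType);
        if (identity == null) context.SetError("invalid_grant", "Invalid user name or password.");
        else context.Validated(identity);
    }
}

public static class AuthConfig
{
    public static void Configure(IAppBuilder app, HttpConfiguration api, IAccountService accounts)
    {
        // MVC controllers: ticket read from the cookie.
        app.UseCookieAuthentication(new CookieAuthenticationOptions {
            AuthenticationType = "ApplicationCookie", LoginPath = new PathString("/Account/Login"),
            CookieHttpOnly = true, CookieSecure = CookieSecureOption.Always });
        // API controllers: ticket read from the "Authorization: Bearer" header.
        app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions {
            TokenEndpointPath = new PathString("/Token"), Provider = new TokenProvider(accounts),
            AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30), AllowInsecureHttp = false });
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
        // Web API ignores the cookie, so a browser session cannot be used to drive API calls (CSRF).
        api.SuppressDefaultHostAuthentication();
        api.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
    }
}
```

The MVC `AccountController` login action would call the same `IAccountService` with the cookie authentication type and sign the returned identity in, so credential checks and claim issuance live in one class for both front ends.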