Web api authentication and MVC 4

Question

I have the following solution:

1. Web api project.
2. MVC 4 project.

I need to authenticate user by sending its credentials using a JSON request (https is a must). is it a good approach ? and how can i authenticate the user on both web api and MVC .

Answer 1

is it a good approach ?

Yeah, why not.

and how can i authenticate the user on both web api and MVC .

If the Web API requires authentication you could use the same Forms Authentication as the MVC application. So you could configure Forms Authentication in the web.config of the Web API application and then decorate the actions that require authentication with the [Authorize] attribute. Then clients that need to query those methods will need to include the Forms Authentication cookie along with the request.

It is important to note that in order for the Web API to be able to decrypt the forms authentication cookie that was emitted the MVC application, both applications need to share the same machine keys.

Answer 2

You can use Basic Authentication. You need to create Authenticationfilter.

There is an opensource library. (WEbAPIDoddle)

https://github.com/WebAPIDoodle/WebAPIDoodle