I'm having problems trying to decide on a route to take on a project I have.
I've been reading up on the OWIN specs and the Katana implementation within .NET. The reason why I'd like to go with the Katana route is because of the OWIN components associated with ADFS and Token/Cookie generation.
I have two projects, one for an MVC 5 website, and one for Web API. They may rest on two separate servers in the future, but for now they are on the same one.
I know I will be using IIS, so the OWIN pipeline isn't necessary for me to investigate.
The requirement I have is that there will be users who will be logging in using ADFS, and other users who will be logging in using Token/Cookie generation, with Role/Membership providers. Based on who is authenticated, certain sections of my web page will be exposed. The webpage engine is done in Razor.
Does anyone have any material that I can read through to help explain a design flow I can take? Or has anyone done a project similar to what I'm going through who can add any advice? There's a lot of disparate documentation that describes specific things that I need, but not the big picture; like only talking about Web API and ADFS, or Web API and Windows Azure, etc.
My theory is to implement authentication/authorization on the MVC 5 website project, and authorization on the Web API (somehow communication between the two needs to exist). I then maybe create a copy of the project for ADFS and another copy for Token/Cookie authentication? Or maybe I'd have to make 4 different kinds of authentication: 2 for ADFS where I authenticate against the MVC 5 website and Web API, and again another 2 for Token/Cookie generation.
Any suggestions would be helpful as I'm not very familiar with this kind of technology.