We have a solution that contain 3 parts: - Angular JS for client side. - MVC web application to handle SPA. - Web API for backend functionilities.
We use OWIN "UseCookieAuthentication" to handle authentication.
The process of being authenticated: - Angular JS request Web APi service to login. - Web Api login service check user information and if information is correct it will generate a persistent cookie. - Web API create a CLaimsPrincipal and put it in the cookie. - Web API returns the generated cookie token in the response header. - Angular JS handle authentication using "withcredintials".
The problem we have that some requests go through MVC Application without angular, and in this case MVC application request do not have the"Set-Cookie" header.
I have two quastions: - first how can i Access the cookie token from my MVC application. - second can i share the ClaimsPrincipale in both Web API and MVC, then i can see the request as authenticated in MVC.
Thanks :)
