I have a question about authentication/authorization. Here's my application setup. Application 1: an ASP.NET MVC application which is served via the browser. Application 2: the same functionality is served using a hybrid mobile app, which uses Ionic + AngularJS on the client side (app) and ASP.NET Web API on the server side.
Now, both applications have the same user base and both need a common authentication/authorization module.
I have gone through the internet and found many good articles which explain authentication for each application individually. I am clear up to the point where I need to use token-based authentication with OWIN middleware.
But I am not quite sure how to implement a common authentication module for both applications. I am planning to have a single hosting for the ASP.NET MVC application and the ASP.NET Web API (back-end part of the app). How can I have a common authentication controller which is shared between both?
If I host both separately, I will have a separate AccountController for each (derived from "Controller" for MVC and derived from "ApiController" for Web API). But I am not sure how I can merge these controllers to have a common authentication module in my solution.
Am I heading in the right direction with hosting both together? Or is there any other best practice I need to follow?
Thanks