I have the following sites: asp.net MVC site with Angular (1) -> WebApi (2) -> asp.net MVC remote site with a mix of WCF and MVC services (3)
(1) The Angular client runs in a new "lighter" ASP.NET MVC site, and should use a bearer token to get data from the WebApi. Future requirements: single sign-on.
(2) The WebApi will be the future endpoint. But as of now, a heavy backend from the old site (3) requires a temporary solution. The heavy backend will gradually be moved to the WebApi, leaving out things such as Silverlight components, Windows application dependencies, etc. The WebApi is also a new setup, but serves tokens via the /token endpoint. I followed this guide: http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/
(3) The remote ASP.NET MVC site contains a bunch of WCF services and a few MVC controllers serving as APIs. The WCF services allow HTTP, JSON, etc. using WebInvoke. It requires session and forms authentication. It responds with a cookie.
My question is: how can I use the WebApi as a middle layer between the new MVC site (1) and the old MVC site (3), using HttpClient in the WebApi controller action method? I assume I will need to pick up the cookie from the old site (3) and add it to the token as custom properties or claims? Then return the token to the new site (1), and let Angular save the token to local storage in the browser. Angular will then send the token on every request to the WebApi (2) that requires authorization. Then the WebApi controller action method (2) will unwrap the custom data from the token (the cookie), and send this to the old site (3) upon requests.
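
The flow described in the question, sketched as an added example that is not part of the original post: the /token provider signs in to the old site (3), stores the returned cookies as a claim, and a WebApi action replays them with HttpClient. The site URL, login path, form field names, service path and claim type are hypothetical; `.ASPXAUTH` is the ASP.NET forms-authentication default cookie name and is assumed here.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.Owin.Security.OAuth;

public class LegacyBridgeProvider : OAuthAuthorizationServerProvider
{
    // Assumptions, not from the post: site URL, login path, form fields, claim type.
    public static readonly Uri Site = new Uri("https://legacy.example.invalid/");
    public const string AuthCookie = ".ASPXAUTH"; // ASP.NET forms-auth default name
    public const string ClaimType = "urn:example:legacy-cookies";

    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated(); // single first-party client without a secret
        return Task.FromResult(0);
    }

    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        var jar = new CookieContainer();
        using (var handler = new HttpClientHandler { CookieContainer = jar, AllowAutoRedirect = false })
        using (var client = new HttpClient(handler) { BaseAddress = Site })
            await client.PostAsync("Account/Login", new FormUrlEncodedContent(new Dictionary<string, string>
                { { "UserName", context.UserName }, { "Password", context.Password } }));
        // No forms-auth cookie issued means the legacy site rejected the credentials.
        if (jar.GetCookies(Site)[AuthCookie] == null) { context.SetError("invalid_grant", "Legacy sign-in failed."); return; }
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        identity.AddClaim(new Claim(ClaimType, jar.GetCookieHeader(Site))); // session + auth cookies
        context.Validated(identity);
    }
}

[Authorize]
public class LegacyProxyController : ApiController
{
    // UseCookies = false: the shared client keeps no jar, so each request carries only its caller's cookies.
    static readonly HttpClient Legacy = new HttpClient(new HttpClientHandler { UseCookies = false });

    public async Task<IHttpActionResult> Get()
    {
        var claim = ((ClaimsPrincipal)User).FindFirst(LegacyBridgeProvider.ClaimType);
        if (claim == null) return Unauthorized();
        var request = new HttpRequestMessage(HttpMethod.Get, new Uri(LegacyBridgeProvider.Site, "Services/Orders.svc/list"));
        request.Headers.Add("Cookie", claim.Value);
        return ResponseMessage(await Legacy.SendAsync(request));
    }
}
```

With the default OWIN token format used in the linked guide, the access token is an encrypted and signed ticket, so the browser cannot read the cookie claim, but anyone who obtains the token from local storage can drive the legacy session through the WebApi. Keep the token lifetime no longer than the legacy cookie's, and note that switching to a JWT format would make the claim readable by the client.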