I have the following scenario:
- MVC App - ASP.NET MVC application that has Identity installed in it.
- SPA App - Angular SPA app that is located in an area inside the MVC App.
- Web API - ASP.NET Web API service that is used by the SPA App.
Both, MVC App and Web API should use the same user accounts. So, now, I have the Identity installed in the MVC App. There would be a View in it that will load the SPA App and the SPA App is going to make requests to the Web API. But the Web API will work only if the user is authenticated, thus it needs a Bearer Token sent by the client. So, when the user gets authenticated in the MVC App and opens the View with the SPA App, I should somehow get a Token for the same user that is authenticated in the MVC App, place it in the SPA App, and send the token from the SPA App JavaScript to the Web API.
Is this possible? Or is there a better way to do it?