Mixing Forms Authentication, Basic Authentication, and SimpleMembership
ASP.NET MVC 4 introduced us to ASP.NET Web API, which makes it much easier to develop RESTful API's. These API's can be consumed by your MVC web application or by external sources. This prompts many to ask, how can I create a single API that is secure to the outside yet incorporate the security methods that are fundamental to ASP.NET forms authentication. I was interested in a solution myself so I tried out some concepts and I think I found a pretty good solution. My solution incorporates the use of basic authentication along with with the typical forms authentication. It also uses the SimpleMembership that is part of MVC 4 Internet applications. To follow along with this tutorial you will need to start with my introduction on customizing and seeding SimpleMembership . I will use the membership information seeded in this example for testing the application. Basic authentication puts the encoded credentials in the header of the HTTP request. In order to ...