Hello Everyone and thanks for your help in advance. I am in the early stages of developing a WebApi and need some input on the optimal way to design security for this project. The majority of the api consumption will come from pages which will likely be built into the project itself (unless someone can point to benefits of making the api standalone). However, there is also the possibility that the api will need to support mobile apps as well, so I need the flexibility not afforded forms authentication. Also, I know about the Identity framework, but frankly got burned with the limitations of the old membership provider and am concerned about going down that road again. I've read amny of the articles regarding this topic including:
http://www.asp.net/web-api/overview/security
http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api
but am really unsure of the best way to go. Any help would be appreciated.
