Got several emails recently with questions on how to enable the following scenario: ASP.NET application (e.g. MVC) using Forms Authentication and Web APIs using Basic Authentication to authenticate against a unified user store.
This is actually quite simple to achieve using Thinktecture.IdentityModel. I started with a standard MVC forms authentication template and used Membership to authenticate the user on the login page:
```csharp
// authenticate user
var success = Membership.ValidateUser(model.UserName, model.Password);
// set authentication cookie
if (success)
    FormsAuthentication.SetAuthCookie(model.UserName, false);
```
Then I added the following lines of code to WebApiConfig.cs:
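```csharp
var authConfig = new AuthenticationConfiguration();

// setup authentication against membership
authConfig.AddBasicAuthentication((userName, password) =>
    Membership.ValidateUser(userName, password));

// plug the authentication handler into the Web API pipeline
config.MessageHandlers.Add(new AuthenticationHandler(authConfig));
```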
Job done. Web app users authenticate using Forms Authentication with Membership; Web API users authenticate using Basic Authentication with Membership.
The full sample is here.