Authenticating requests from mobile (iPhone) app to ASP.Net Web API (Feedback requested on my design)

Question

I\'m designing a web site that will have a mobile companion (initally iPhone only). The web site will be an ASP.Net MVC 3 application. I\'ll also have an ASP.Net Web API site (M

Answer 1

In VS 2013 you can use the "Asp MVC SPA Application" template to generate a working implementation that is generating a Oauth2 token bearer on login and authorizing it for WebApi controller calls using [Authorize] attributes. It uses Membership and Entity Framework to store users and hashes locally in a SQL Server. Just delete the asp mvc parts you don't need and keep the Auth part for WebApi. More details here: http://msdnrss.thecoderblogs.com/2013/09/understanding-security-features-in-the-spa-template-for-vs2013-rc/