asp.net mvc - mvc forms authentication separated from webapi authentication -

asp.net mvc - mvc forms authentication separated from webapi authentication -

i have existing mvc 5 project wite webapi2 controllers. utilize forms authentication frontend , bearer tokens webapi.

the problem if utilize webapi authentication after logging in mvc application, webapi thinks i'm authenticated if don't specify valid bearer token.

if phone call

config.suppressdefaulthostauthentication()

then 1 time login through webapi bearer token , login mvc app, principal set claimsprinciple though set custom prinicpal (application_authenticaterequest). when cast httpcontext.user custom prinicpal later, doesn't work , mvc app thinks user logged out.

so, how can separate 2 authentication methods without them overriding each other?

mvc authentication:

protected void application_authenticaterequest(object sender, eventargs e) { if (request.isauthenticated) { // check if have user in cache var userprincipal = principalmanager.getprincipal(); if (userprincipal == null || !userprincipal.identity.isauthenticated) { userprincipal = new genericprincipal(new roomixeridentity(), null); principalmanager.storeprincipal(userprincipal); } httpcontext.current.user = userprincipal; } }

i recommend check vs 2013 web api template (web api , mvc core dependency) individual accounts checked this image, believe missing adding both lines in class webapiconfig.cs:

config.suppressdefaulthostauthentication(); config.filters.add(new hostauthenticationfilter(oauthdefaults.authenticationtype));

you need suppress default authentication (forms auth) add together bearer authentication web api.

asp.net-mvc asp.net-web-api asp.net-mvc-5 asp.net-web-api2