I have our current backend apis set for basic http authentication. I have it setup so I can control what clients (servers) can call what apis.
Now I need to figure out a way to “authorize” the end user that is using the ui on the server that is calling the api. All of our frontend uis are web based applications (no spa/js stuff). So communication with the api is completely controlled by the server.
We are currently using a mixture of authentication methods on our frontend web applications. Is there an easy way to say pass the UserPrincipal from the .net web app to the api for further authorization?
Hopefully this makes sense what I am asking about/looking for guidance on.