Authentication and Authorization

I have our current backend apis set for basic http authentication. I have it setup so I can control what clients (servers) can call what apis.

Now I need to figure out a way to “authorize” the end user that is using the ui on the server that is calling the api. All of our frontend uis are web based applications (no spa/js stuff). So communication with the api is completely controlled by the server.

We are currently using a mixture of authentication methods on our frontend web applications. Is there an easy way to say pass the UserPrincipal from the .net web app to the api for further authorization?

Hopefully this makes sense what I am asking about/looking for guidance on.

If your front-end UI is using Windows Auth you should be able to pass the current user with:

var client = new JsonServiceClient(BaseUri) {
    Credentials = CredentialCache.DefaultCredentials,
};

But if your APIs are only accessible by your front-end UI then you can just pass the UserId/UserName in with each call as you’ve already authenticated the user in the frontend UI.