I have a web application which uses Jquery UI for the front-end and WEBAPI for the data access. Ajax calls are used to call the WEBAPI. Currently there is no authentication for WEBAPI.
The web app has a custom login form and uses asp.net sessions for session management.
Client requires that some of the data to be accessible to other applications for reporting purposes.
What is the best way to approach this? I have gone through OAUTH. If I implement OAUTH, then do I have to change the webapp to send bearer tokens or can I have a mix wherein I can use cookies for the webapp (ASP.NET IDENTITY) and OAUTH for the external application? Also what flow should I be using?
