I have seperate projects - > mvc 6 Web Api and a Mvc6 client app
When it comes to authentication i really dont understand the options so far I know that Basic Authentication has been dropped, so I can't pass authentication stuff over headers anymore.
I also know that the option with Oauth2 with an 3rd Party OpenIDserver with IdentityServer3 but I dont want to have this, isn't there a simple way like Basic Authentication, where if i succesfully login I get authorization stuff like roles, name etc and if I send a request to my API that I check if the authorization stuff is valid to see this part.
as u can read im a bit frustrated about the poor documentation about security in MVC6 its a mess