Possible Duplicate:
User Authentication in ASP.NET Web API
Working on creating a Web API for some of our services and trying to find best way of securing it. We would like to issue an API key to any application/developers wishing to use the API. In addition, some of the API calls should require authentication.
As an example, service call #1 does a basic get. For this call all that would be required is the token corresponding with the caller. Service call #2 does a put of sensitive information. For this call, the token is required and additionally the user associated with the put request should be authenticated.
Are there any examples out there outlining this type of implementation? I've spent a good deal of time browsing the web and what I've found seems to provide either token based or user authentication. Nothing I've seen does both.
This was marked as possible duplicate and here is why I see otherwise...
I am asking how to incorporate BOTH a token for authenticating the web application as a consumer and also how to authenticate the user of the web application consuming our service(s). The link provided to the possible duplicate only explains how to implement single level authentication (Forms or Windows Authentication). It does not give information on doing both Application Token and User Authentication.
