ASP.NET Web API has an OAuth2 server with a token endpoint, /token. Posting login credentials to the token endpoint returns an access token. To authorise the user, pass the access token to all other endpoints exposed by the API.

Role-based security restricts access to various parts of the API based on the user’s role. For example, admin users have more API access.…
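The token endpoint and role check described above, as an added example that is not code from the original post. It assumes the API uses the OWIN OAuth middleware (Microsoft.Owin.Security.OAuth); `TokenAuth`, `PasswordGrantProvider`, `ReportsController` and the `roleFor` credential check are hypothetical names.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;
public static class TokenAuth
{
    // roleFor (hypothetical hook): returns the user's role, or null if the credentials are wrong.
    public static void UseTokenAuth(this IAppBuilder app, Func<string, string, string> roleFor)
    {
        app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/token"),
            AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30), // assumed lifetime
            AllowInsecureHttp = false,                            // credentials and tokens over TLS only
            Provider = new PasswordGrantProvider(roleFor)
        });
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }
}

public class PasswordGrantProvider : OAuthAuthorizationServerProvider
{
    private readonly Func<string, string, string> _roleFor;
    public PasswordGrantProvider(Func<string, string, string> roleFor) { _roleFor = roleFor; }
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated(); // no client secret in this example; the user is checked below
        return Task.FromResult(0);
    }
    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        string role = _roleFor(context.UserName, context.Password);
        if (role == null) { context.SetError("invalid_grant", "Bad user name or password."); return Task.FromResult(0); }
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Role, role)); // the role travels inside the token
        context.Validated(identity);
        return Task.FromResult(0);
    }
}
[Authorize] // every action requires a valid access token
public class ReportsController : ApiController
{
    public IHttpActionResult Get() { return Ok(new[] { "q1" }); }
    [Authorize(Roles = "Admin")] // additionally requires the Admin role claim
    public IHttpActionResult Delete(int id) { return Ok(); }
}
```

With this middleware a client posts `grant_type=password`, `username` and `password` as form fields to `/token`, then sends the returned `access_token` in an `Authorization: Bearer` header on later requests.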
