Here is what I am trying to accomplish, and maybe the mix and match isn’t working, but I have had a hard time finding a way to execute the following:
Windows Authentication (AddNegotiate) on an API. After the user is authenticated this way I am retrieving their domain security groups, and then from a dictionary assigning them Role claims based on membership.
I want to be able to share this authenticated session across several other apps that use the API to authenticate, so that the groups query only has to happen once a session times out.
Do I want to do some kind of cookie implementation to accomplish this? So an application looks, doesn’t have authentication, and goes to the API, which, after confirming Windows groups and roles, issues a cookie based on that membership.
I would probably also have a manual LDAP login elsewhere in the application to add claims to the current User Identity.