I have a REST web service protected with custom basic authentication. Now I need to add several web pages to that service so that users can get their usage stats just using their browser.
The “web service” should have accounts separate from the “stats pages” accounts. I guess I have to use forms authentication for the “stats pages”.
So my service can get POST requests at /ProcessData path and such accesses are secure with custom basic authentication and I want to add a page served when user opens /Profile path in his browser and looks like that access should be secured with forms authentication.
How do I use these two authentication methods for the same web site? Is there some easier way to achieve what I want?
I believe that you will either:
have to define separate end-points (with different ports) for separate pages, that way you can split up your authentication per endpoint
or
write a custom authentication provider that delegates authentication to either forms or your own, based upon the url targets