Hi,

Im new to web authorization/authentication so after reading about identity servers, asp identity, oauth, tokens and some other crazy stuff ... im totally lost :)

For my project i need to leave umbraco authorization pattern as native as possible, but :

1. Users logins stored in external win32 service ( i can implement any api interface to it actually, wcf-based is preferred but not a mandatory ). User store should stay in service because there are tons of BL in it and its all based on users;

2. Users login directly on site ( login/password + second step PIN );

3. Pages in user area should directly request data from service ( use tokens? ). User logins only once ( on site, or, in case of mobile apps - by some request ), but service needs to know that request from user are authenticated, it also will require all user data, but service already have it all)

4. At later point i need to be able to use same pattern to auth mobile apps;

So i need to create something like this :

Not asking for code (but will be great), just tell me what pattern to use and ill be so happy :)

Thanks))