This simple project is to decouple server side security code and client side viewer. Server side using ASP.NET Web API 2, Owin, and Identity, it also support CORS; Client side can use JavaScript MVC/MVVM libaries such as Angular, Sencha. So server side code and client side code can deploy to two different server. In the real project, we also need add a separate secured Resource Server, using same machineKey with Authenticate/Authorization Server(Or actually better way using JWT token for many Resource servers rely on your Authorization server), Client side need call Authenticate/Authorization Server API with HTTPS.
swimhiking/TokenBasedSecurity
Token Based Authentication using ASP.NET Web API 2, Owin, and Identity
CSS