I have a system which consists of a web application and a separate web server. All written in ASP.NET, C#. The Web Application gets requests from the user and sends calls methods from the Web Server, which processes all the data. I would like to add the authorization functionality to the system, based on the Forms authorization mechanism. Thus, every user will have to register and sign in before using the Web Application. This is done in order to make secure and authenticated access to the user data stored in the Web server. My question is, assuming a user has signed in to the Web Application, how can I pass the authorization data to the Web server securely?
Thank you in advance,