Monday, February 19, 2018

Authentication & Authorization for a SPA which uses a combination of WebAPI and MVC Views Issue

Hi All,

I am developing a SPA mobile app using Cordova.

I have one "HomeController" with two actions, Index() and App(), intended to be used as MVC web pages, where App() is protected by the Authorize filter.

Then I have a few API controllers which access the database via EF and all that jazz, where both API controllers are protected by the [Authorize] filter.

The general first time start up flow is as follows:

I am at the point now where I need to tie resources to users, so user 1 has X resources and user 2 has Y resources and of course they should not be able to view / edit each others resources.

This leads me to two issues:

1. The first time I log in, and for that session only, I can retrieve the currently logged-in user via the built-in Identity UserManager. But upon closing the app and returning, simply retrieving the token from localStorage allows me to access the WebApi, but I can no longer get the user from UserManager? This looks to be some kind of session/cookie reset issue?

2. The token expires within a set amount of days, so the user would have to re-log in every so often. How do I get around this?

As this is a mobile app (which doesn't access sensitive data), it would be reasonable for the user to simply boot up the app and have their data shown without the need to log in every time. I am just really stumped on how to do this in a way that would A. allow the user to log in once without needing to re-log in every time they start the app and B. still authorize the use of the Web API via AJAX requests.

I have spent a few days looking online now and I just keep getting a bombardment of FormAuthorization and outdated docs using ASP Web Forms. I am using ASP.NET MVC 5 with Entity Framework (code first).
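An added example, not code from the post or from the ASP.NET project, of the pattern the two issues point at. In ASP.NET MVC 5 / Web API 2 with OWIN, the bearer-token middleware rebuilds the request's `User` from the token's claims on every API call, so an `[Authorize]` API controller can read the user id with `User.Identity.GetUserId()` whether or not the MVC login cookie still exists, and a refresh-token grant lets the client renew a short-lived access token without asking for the password again. The example assumes the Visual Studio "Individual Accounts" template types (`ApplicationUser`, `ApplicationUserManager`) and the Microsoft.Owin.Security.OAuth and Microsoft.AspNet.Identity.Owin packages; the `AppOAuthProvider`, `AppRefreshTokenProvider` and `ResourcesController` names and the in-memory refresh-token store are hypothetical.

```csharp
// Added example, not the poster's code. Assumes the MVC 5 "Individual Accounts" template
// (ApplicationUser, ApplicationUserManager); class names and the in-memory store are hypothetical.
using System;
using System.Collections.Concurrent;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Http;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Infrastructure;
using Microsoft.Owin.Security.OAuth;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/token"),
            Provider = new AppOAuthProvider(),
            RefreshTokenProvider = new AppRefreshTokenProvider(),
            AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30), // short-lived; renewed via refresh token
            AllowInsecureHttp = false                             // bearer tokens travel over TLS only
        });
        // Validates "Authorization: Bearer <token>" on every API request and sets the request's User.
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }
}

public class AppOAuthProvider : OAuthAuthorizationServerProvider
{
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated(); // public mobile client: there is no client secret to verify
        return Task.FromResult(0);
    }
    // grant_type=password: the one-time login. Checks credentials with Identity and issues a ticket.
    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
        var user = await userManager.FindAsync(context.UserName, context.Password);
        if (user == null)
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return;
        }
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Id)); // what GetUserId() reads
        identity.AddClaim(new Claim(ClaimTypes.Name, user.UserName));
        context.Validated(new AuthenticationTicket(identity, new AuthenticationProperties()));
    }
    // grant_type=refresh_token: mint a fresh access token from the stored identity, no password needed.
    public override Task GrantRefreshToken(OAuthGrantRefreshTokenContext context)
    {
        var identity = new ClaimsIdentity(context.Ticket.Identity);
        context.Validated(new AuthenticationTicket(identity, context.Ticket.Properties));
        return Task.FromResult(0);
    }
}

public class AppRefreshTokenProvider : IAuthenticationTokenProvider
{
    // Hypothetical store (refresh token -> serialized ticket); persist it in the DB in real use so
    // tokens can be revoked and survive an app-pool restart.
    private static readonly ConcurrentDictionary<string, string> Store = new ConcurrentDictionary<string, string>();

    public void Create(AuthenticationTokenCreateContext context)
    {
        var token = Guid.NewGuid().ToString("N");
        context.Ticket.Properties.IssuedUtc = DateTime.UtcNow;
        context.Ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddDays(30); // refresh-token lifetime
        Store[token] = context.SerializeTicket();
        context.SetToken(token);
    }
    public void Receive(AuthenticationTokenReceiveContext context)
    {
        string serialized;
        // Single use: the refresh token is deleted when redeemed, so a stolen copy cannot be replayed later.
        if (Store.TryRemove(context.Token, out serialized))
            context.DeserializeTicket(serialized); // the middleware rejects it if ExpiresUtc has passed
    }
    public Task CreateAsync(AuthenticationTokenCreateContext context) { Create(context); return Task.FromResult(0); }
    public Task ReceiveAsync(AuthenticationTokenReceiveContext context) { Receive(context); return Task.FromResult(0); }
}

[Authorize]
public class ResourcesController : ApiController
{
    public IHttpActionResult Get()
    {
        // Comes from the bearer token's claims, not from a cookie or session, so it works after an app restart.
        string userId = User.Identity.GetUserId();
        // Scope every query to the owner, e.g. db.Resources.Where(r => r.OwnerId == userId)
        return Ok(new { userId });
    }
}
```

Client flow under these assumptions: the app POSTs `grant_type=password&username=...&password=...` to `/token` once and stores both the `access_token` and the `refresh_token`; on every later start it POSTs `grant_type=refresh_token&refresh_token=...` to get a new access token, and only falls back to the login screen if that returns `invalid_grant` (token expired, revoked or already used). Anything in the WebView's localStorage is readable by any script that runs inside the app, which is why the access token is kept short-lived and the refresh token single-use and stored server-side where it can be revoked; the MVC cookie login is not needed for the API at all.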
