Hi everyone, I am using MVC5 to create a webapp and I have two different types of controllers (ApiController & Controller) and two different end points:

• API end point that returns JSON and uses ApiController
• WebApp front end that uses Controller

I've used filters.Add(new AuthorizeAttribute()) in my FilterConfig.cs so that user has to login before accessing any data on the website but, a user can just go to my API endpoint url and do whatever they want with the data (add,delete,update etc).

I plan on consuming the WebAPI on an android app so i was thinking to implement a login screen that validates the username and pwd (same as my WebApp) using the WebAPI that I made using and if the user authenticates successfully, they are then allowed to update, delete etc. Is this even possible? If yes, how can I achieve this?

Any help would be appreciated, thanks!