Blazing Heart Reader is architected so the back-end data is available through ASP.NET Web APIs, and the web front end just uses javascript (with the help of jQuery) to consume them. This allows the data to be accessed from future applications, such as desktop or mobile apps, directly. That is, if they are autenticated - which turned out to not be possible through anything other than the web page with the way things were.
But, over the last few nights I have been working to add support for HTTP Basic Authentication, which is where your user name and password are send to the server as part of the connection process. This allows using code to access the API by passing a user name and password as part of it's connection process. I have a simple WPF test app that I made which uses RESTSharp to connect to the Blazing Heart Reader API, which now works:
To get this working, I coppied the code for IdentityBasicAuthenticationAttribute.cs and related files, and then just added the attribute to the API controllers:
Easy. Behind the scenes though, this is only possible because I'm using the Owin authentication model which bypasses the server authentication. This is important because the server only allows one type of authentication for the whole application but Owin allows you to use anything you write a filter for. It's a good thing I previously upgraded the site to ASP.NET MVC 4 to use Owin otherwise this would have been quite painful!