I have a probably typical setup with a regular web application and a mobile app that uses Web API to access the data. The Web App has one type of Auth0 authorisation and it works. the mobile has a different type and that works also fine. My challenge is now that I am serving physical files from the regular web application and that works really fine when you are logged into the web app. But I also would like to get access to those files from the mobile app, however if I am going to use the same URL as the web application, it would mean that the mobile app has to be authorised against both the web api and the web application. I am not sure if that is possible?
Another approach could be to let the Web Api also serve the physical file, but I am not able to figure out how that is possible if at all ( I am using ASP Core 2.0 Web API).
It seems like a normal scenario and hence other people should have faced this issue before. Can anyone help me?
Thank you very much