A NEW Project with ASP NET web API uses oAuth Authorization implemented with Owin Security and ASPNET Identity (Enabled Authentication with Individual User Accounts when you create a fresh new WEB API project).
An Old WCF Services does not use such approach for user authentication, a simple DB query was fired to identify the user.
Now to support SOAP protocol, possible only with WCF services, we need WCF Services to share same authentication mechanism as the ASP.NET REST Web API using.
Goal here is: Maintain only one code to authenticate and authorize the user. Same code will be shared between WCF webservices and WEB API developed with .NET Framework 4.8 and written in C#.
Things I tried:
Redirect from REST WEB API to SOAP WCF Web Service. which failed because SOAP WCF call is POST call and only GET redirects are possible (Please correct me if I am wrong)
Verify the Hash Password from WCF service and Authorize the user for making soap request. The Client request is not the same as REST request as Bearer Auth token is missing in WCF web service and also user credentials are passed as base64 are not the secure way.
Windows Basic Authentication at IIS level that may need too many windows users.
What are the best practices to be considered for the solution of above question?
If the solution is long, sharing some reference links would help.