Securing Web Api using Forms Authentication Forms authentication uses the ASP.Net membership provider and uses standard HTTP cookies instead of the Authorization header.