我们最终与SPA模板去了，对API（单独MVC一部分）做认证。
然后该API将产生唯一令牌和用户重定向到前端与网址参数令牌

We eventually went with the SPA template, doing authentication on the API (separate MVC part). Then the API would generate a unique token and redirect the user to the front-end with the token in url parameters.

前端则需要发送此令牌上的每个后续请求。

The front-end then needs to send this token on every subsequent request.