I have an authentication architecture question. I need to authenticate external website users to a custom API, but have Sitecore handle the actual Authentication/Authorization. The API is really simple, just pass in username and password, and it will either send me user info or an error. I feel like the best way is to just login to Sitecore if we get a successful response from the API as a Virtual user. Anything wrong with this approach? I tried the approach of creating an Owin Middleware and use it to authenticate to the API, but it seems overkill for what I'm trying to do.