Build a secure authenticated RESTful Web API

Introduction: I need a secure Web API for an application I'm building. I don't know much about security, but I need some best practice authentication. Probably HMAC, unless you can convince me of something better. The consumer of this API will ultimately be a mobile application that sends messages to be stored by the API. To give you an example of functionality, think of a "todo" mobile app that stores the items on the server. The user can then retrieve their items later by date range. The mobile application is NOT in scope of this task, but I thought I'd mention it as you might need to take this into consideration when building the solution. Web API must have the following: - Signup with Email, Name and Password - Authenticate/Login using Email and Password - Send message - locked down to the logged-in user - Get messages by date range for user - locked down to the logged-in user Note: You are not required implement the functionality of storing data for signup and messages. I can do that myself. You only need to provide the authenticated API endpoint. You should just mock the response with some hardcoded test data. I will wire up the API to my own services. To show the API working, I also need a 1 page application (Webforms or MVC) which does a web request to the API, and prints the result. Acceptance Criteria: - Web API application in a C# Visual Studio 2013 solution - Authenticated API uses Public-Private key cryptography - NOT just shared key! - Web API controller with action for: Signup with Email, Name and Password - Web API controller with action for: Authenticate/Login with Name and Password - Web API controller with action for: Send message - locked down to the logged-in user - Web API controller with action for: Get messages date range - locked down to the logged-in user - A single page application which does a web request to the API using REST Sharp [login to view URL] - Sql Server database for storing authentication tokens - Ability to regenerate encryption keys you have created. This may be added to the single page application (mentioned above). Code requirements: - Only use trusted open source libraries available on nuget - Code must be understandable to a mid-weight developer - Code must be concise - short is sweet, unless it is hard to understand - Code must be elegantly written - not hacky - Code must be Unit tested - preferably using NUnit and Moq - Visual studio solution must build and run