Comments by NavjotSingh_013 (Top 3 by date)

I have also created web services for android using Web API.
The best approach for authentication is token based as Web API is state less.

for login you can use any encryption algo and after user authentication create a random token (GUID/ "date"+Math.Random()), save it (you need to keep track which user is sending request, for that create a flat table to record details like first login attempt, logout etc) and return that token in response header. After that for every request from android told them to send that token in 'request header' for authentication. You will verify that token and if valid then proceed further.

Try to debug your web API using Fiddler or some other tool and find the reason for error, there might be issue in routeconfig.cs.

Can you just post the URL you are hitting and code of routeconfig.cs

COALESCE is function which handle NULL values and takes much more time.

You can actual run your both queries in batch and include actual execution plan before executing queries and see which query consume much more time.
The one which uses COALESCE will take 99% of time relative to batch.