yes client can authenticate.

i removed SVI but now access point cannot discover controller.

 You removed but you transferred to Core, right?  

what about the layer3 interface you have on the WLC. Was not that your management Interface?  

"

Information About Wireless Management Interface

For the WLC discover from AP, you can use option 43 on the DHCP server to pass the WLC IP address to access point on DHCP request. You can also use DNS for that and ultimatelly you can setup the WLC on the AP statically with capwap ap command. 
 Try to use the easier mode which is static config on the AP  just to make sure now clients can connect and get IP, Later you see a better way to join the APs on the WLC 

Use the command on the AP

capwap ap primary-base <wlc-hostname> <wlc-IP-address>

i will configure int vlan 50 on my core switch no problem with that.

the only problem i have is i cannot remove int vlan 50 on controller because access point cannot find my controller without it.

Great, well understood.

let me try this one and keep you posted.

Thanks Flavio,

This solved my issue:
I had two VLAN 10, 50 

On controller: 

- I created SVI 10 for Management purpose. (removed IP helper address under this interface)
- Created L2 VLAN 50 for Wireless users attached to WLAN.
- Disabled DHCP Server

- Disabled fast transition as well.
- Created Option 43 code on my Mikrotik router

These were steps that i did solved my issue.

Thanks everyone for every single word you commented, appreciate you support
AliDoski

Yeah sorry I didn't realise you were also using vlan 50 SVI as your wireless management interface.  As Flavio says best practice is to keep the AP management and client traffic on separate VLANs but you can keep them all on the same vlan if you really want to.  Just don't put any DHCP helper/relay config in anywhere because it's directly connected.

Yes that policy is definitely a problem - your policy was completely empty in the config above but should be fine once configured with vlan 50!

You DO NOT need DHCP relay at all (either interface helper address or in policy) when the DHCP server is in the local connected subnet!

You do not need the SVI (vlan 50 interface) at all and in fact it is NOT RECOMMENDED on 9800:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/technical-reference/c9800-best-practices.html#DHCPbridgingandDHCPrelay

So remove all references to the DHCP server on the WLC, delete the SVI and allow the client traffic to be bridged to vlan 50 and the router to respond.

i checked this before and enabled previously.

In wlc monitoring > client check in which state the wifi endpoint pending 

MHM

service dhcp is only required if you are using the WLC as a DHCP server, which you are not as far as I can tell.

According to the diagram the Microtik router is the DHCP server right?

Yes dhcp is enabled on my mikrotik router.