
OWIN Cookie Authentication

I can't seem to get OWIN to work with cookie-based authentication. I have configured my OWIN token endpoint in Startup as:

OAuthOptions = new OAuthAuthorizationServerOptions
{
   TokenEndpointPath = new PathString("/Token"),
   Provider = new ApplicationOAuthProvider(PublicClientId),
   AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
   AllowInsecureHttp = true
};
app.UseOAuthBearerTokens(OAuthOptions);

I have also configured Cookie Authentication:

app.UseCookieAuthentication(new CookieAuthenticationOptions());

Now when I hit the /token endpoint I get the bearer token in the response, and a cookie is also set on the client side with the token.

Next up I have a controller that is decorated with the Authorize attribute. When I try to access any method I get a 401 Unauthorized response, even though the cookie is sent with the request. It seems OWIN is not honoring the cookie for authentication.

Am I missing something here, probably some type of configuration? All of this works great if I set the Authorization header with the bearer token, but why does it not work with the cookie only?

In case anyone is facing the same issue, in the WebApi Config the following line was ignoring the cookie and looked at the Bearer Token.

config.SuppressDefaultHostAuthentication();

Commenting it out made the cookie-based authentication work.
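
An alternative to removing that call, shown as an added example that is not part of the original question or answer: keep `SuppressDefaultHostAuthentication()` and register a `HostAuthenticationFilter` for each authentication type Web API should accept. It assumes the cookie middleware keeps its default authentication type, as `new CookieAuthenticationOptions()` does, and the `WebApiConfig` class and route shown are an assumed template-style layout.

```csharp
using System.Web.Http;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OAuth;

// Assumed layout: a WebApiConfig.Register method called from Startup.
public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Discard whatever principal the host pipeline attached, so Web API
        // only trusts the authentication types listed explicitly below.
        config.SuppressDefaultHostAuthentication();

        // Accept the bearer token issued by the /Token endpoint.
        config.Filters.Add(
            new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));

        // Also accept the cookie. The name must match
        // CookieAuthenticationOptions.AuthenticationType; this assumes the
        // default ("Cookies") because the options were created without changes.
        config.Filters.Add(
            new HostAuthenticationFilter(CookieAuthenticationDefaults.AuthenticationType));

        config.MapHttpAttributeRoutes();
        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional });
    }
}
```

Once a cookie authenticates API calls, the browser attaches it automatically to cross-site requests, so state-changing actions need anti-forgery protection that bearer-only APIs do not.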
