stackoom
  简体   繁体   中英

Authenticated user is lost in web api owin middleware

 原文  2021-06-30 07:08:52       c#/ asp.net-web-api/ jwt/ autofac/ owin-middleware

Question

I'm using owin middleware and Jwt Bearer Aurhentication alongside Autofac that help my Webapi to handle requests.

JwtBearerAuthentication middleware works fine and set HttpContext.Current.User.Identity.IsAuthenticated to true and it persist until pipeline reaches to webapi middleware , in my webapi authenticated user is lost

order of middlewares are as follows:

public void Configuration(IAppBuilder app)
{

    var config = new HttpConfiguration();
    WebApiConfig.Register(config);
    #region Autofac config

    var container = AutofacWebapiConfig.Initialize(GlobalConfiguration.Configuration);
    config.DependencyResolver = new AutofacWebApiDependencyResolver(container);

    #endregion
    #region RoutConfig

    RouteConfig.RegisterRoutes(RouteTable.Routes);

    #endregion

    //Register middlewares
    app.UseAutofacMiddleware(container);
    app.UseAutofacWebApi(config);
    app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
    app.UseJwtBearerAuthentication(new MyJwtAuthenticationOptions());
    app.Use<RedirectUnAuthenticateRequestsMiddleware>();
    app.Use<ReadBodyMiddleware>();
    app.UseWebApi(config); //in this middleware authenticated user is lost

}

Here is my WebApiConfig class:

    public static void Register(HttpConfiguration config)
    {
        // Owin auth
        config.SuppressDefaultHostAuthentication();
        config.Filters.Add(new HostAuthenticationFilter("Signature"));
        GlobalConfiguration.Configuration.IncludeErrorDetailPolicy =
IncludeErrorDetailPolicy.Always;
        // Web API routes
        config.EnableCors(new EnableCorsAttribute("*", "*", "*"));
        config.MapHttpAttributeRoutes();
        config.Services.Insert(typeof(ModelBinderProvider), 0,
         new SimpleModelBinderProvider(typeof(DocumentModel), new FromFormDataBinding()));
        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "{controller}/{action}/{id}",
            defaults: new { id = RouteParameter.Optional }
        );
    }
}

Have you any idea?

Update:

Inside my owin middleware after authentication middleware, IsAuthenticated is set to true

  public override async Task Invoke(IOwinContext context)
{
      var isAuth=context.Request.User.Identity.IsAuthenticated;//It is true as expected.
                await Next.Invoke(context);
                return;
}

but when it reaches to my controller

HttpContext.Current.User.Identity.IsAuthenticated;//It is false.

1 answers

solution1
 0 ACCPTED  2021-07-01 07:07:31

Problem was from this line in WebApiConfig class;

config.SuppressDefaultHostAuthentication();

When i commented,issue disappeared and authenticated user persisted in webapi.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question OWIN Middleware + Web API + Simple Injector Web Api 2 get controller and action name in OWIN middleware? Owin Custom Routing MIddleware in ASP.NET Web Api 2.0 OWIN Web API authorization in User Interface How to check if user is authenticated in Web API 2 Calling a Web Api method when user is authenticated MVC 5, Web API And Owin How do I implement an OAuth2 Authorization_Code Flow in Web Api using OWIN Middleware? How to redirect user from OWIN middleware? Get user name from Azure authenticated AD in .Net Web API
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM