owin

It is really strange. I tried to make a CORS request to WebAPI2 (OWIN-based) to gain authentication token. It always fails every other times. like 1st request fails, but 2nd request will go through. And the 3rd fails, but the 4th will go through. I don't understand why it was working half of the times. I check the browser request (chrome). The one got failed always goes by OPTIONS method. The one went through always goes by POST. But I always use post method with headers 'Content-Type': 'application/x-www-form-urlencoded' So I guess the question is why sometime Chrome/fire fox send preflight

I am migrating my Azure AD secured application to the v2.0 endpoint. I need to pass a custom parameter to the reply uri. With former Azure AD endpoint I did it by adding a usual query parameter to the reply url. e.g. https://myserver.com/myredirect_uri?mycustomparamerter=myvalue Unfortunately, with endpoint 2.0 I received an error saying that the reply uri does not match the one registered. Of course my custom parameter value is dynamic and I cannot hardcode it. I was looking to exploit the 'state' parameter described in OAUTH flow . However, I am using Microsoft.Owin.Security.OpenIdConnect

I'm trying to use the same authentication between the MVC controllers and the Web Api controllers. The Web api is in the same project, just in an /Controllers/API/ folder. I can't seem to figure out how to authenticate using OWIN, when I logged in through MVC and created a claim and a cookie like the example below. var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name,"Admin"), new Claim(ClaimTypes.Role,"Administrator") , "ApplicationCookie"); var ctx = Request.GetOwinContext(); var authManager = ctx.Authentication; authManager.SignIn(identity); return RedirectToAction("Index",

I'm in the process of converting my ASP.NET Web API from being IIS hosted to being self hosted. In one of my DelegatingHandlers I set the current user based on the token from the HTTP header. I've been using HttpContext.Current.Items to store this information, but that isn't available under self hosting. What is the correct way to store per request data that can be accessed anywhere in my application? The Request message has a Properties collection. 来源： https://stackoverflow.com/questions/19788153/how-should-i-store-per-request-data-when-using-owin-to-self-host-asp-net-web-api

Can somebody explain how to implement sliding expiration using the new Owin WS-Federation plugin? On the client side, at WS-Fedeartion configuration I see that there are some events like : Notifications = new WsFederationAuthenticationNotifications { SecurityTokenReceived = ..., AuthenticationFailed = ..., RedirectToIdentityProvider = ..., MessageReceived = ..., SecurityTokenValidated = .... }, But because the lack of documentation I can't really figure it out where an how? At the moment my STS is issuing tokens with absolute expiration : protected override Lifetime GetTokenLifetime(Lifetime

I would like some help on parsing HTTP POST requests in a C# console application. The app runs a 'web-server' using Owin. Details of the application are available here and the current 'stable version' of the relevant code is here . I am extending the above application to enable configuration through the web UI. For example, the app currently reports a large number of parameters. I would like the end-user to be able to select which parameters get reported over the network. Towards this, I made some modifications to the code above: using Microsoft.Owin; using Owin; ......... [assembly: