Question
I can't seem to get OWIN to work with Cookie based authentication. I have configured my OWIN token endpoint in Startup as:
OAuthOptions = new OAuthAuthorizationServerOptions
{
    TokenEndpointPath = new PathString("/Token"),
    Provider = new ApplicationOAuthProvider(PublicClientId),
    AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
    AllowInsecureHttp = true
};
app.UseOAuthBearerTokens(OAuthOptions);
I have also configured Cookie Authentication:
app.UseCookieAuthentication(new CookieAuthenticationOptions());
Now when I hit the /token endpoint I get the bearer token in the response, and a cookie is also set on the client side with the token.
Next up I have a controller that is decorated with the Authorize Attribute. When I try to access any method I get a 401 Unauthorized response, even though the cookie is sent with the request. It seems OWIN is not honoring the cookie for authentication.
Am I missing something here, probably some type of configuration? All of this works great if I set the Authorization header with the bearer token, but why does it not work with the cookie only?
Answer 1:
In case anyone is facing the same issue, in the WebApi Config the following line was ignoring the cookie and looked at the Bearer Token.
config.SuppressDefaultHostAuthentication();
Commenting it out made the cookie based Authentication work.
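An alternative to commenting the line out, shown as an added example that is not part of the original answer: keep the suppression and explicitly re-admit the cookie authentication type next to the bearer one. It assumes the default Web API template's WebApiConfig class and that the cookie middleware uses the default "Cookies" authentication type, which is what new CookieAuthenticationOptions() produces.

```csharp
using System.Web.Http;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OAuth;

// Assumed to be the project's Web API registration class (template default name).
public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Web API discards the principal set by the host / OWIN pipeline,
        // including the one produced by the active cookie middleware.
        // This is why a request carrying only the cookie ends in 401.
        config.SuppressDefaultHostAuthentication();

        // After suppression, only authentication types named in a
        // HostAuthenticationFilter are honoured by [Authorize].
        // "Bearer": the Authorization header issued by the /Token endpoint.
        config.Filters.Add(
            new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));

        // "Cookies": must match CookieAuthenticationOptions.AuthenticationType
        // used in app.UseCookieAuthentication(...).
        config.Filters.Add(
            new HostAuthenticationFilter(CookieAuthenticationDefaults.AuthenticationType));

        // Browsers attach cookies automatically, so state-changing API
        // actions reachable with the cookie need anti-forgery protection.
        config.MapHttpAttributeRoutes();
    }
}
```

With this registration the allowed authentication types stay explicit, instead of every host-level identity being accepted by the API controllers.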
Source: https://stackoverflow.com/questions/27272095/owin-cookie-authentication