I cannot get OWIN to work with cookie authentication. I configured my OWIN token endpoint in Startup as:

    OAuthOptions = new OAuthAuthorizationServerOptions
    {
        TokenEndpointPath = new PathString("/Token"),
        Provider = new ApplicationOAuthProvider(PublicClientId),
        AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
        // Permits token requests over plain HTTP (no TLS)
        AllowInsecureHttp = true
    };
    // Registers the token endpoint and bearer-token authentication middleware
    app.UseOAuthBearerTokens(OAuthOptions);

I also set up cookie authentication:

    app.UseCookieAuthentication(new CookieAuthenticationOptions());

Now, when I call the /token endpoint, I get the bearer token in the response, and the cookie is also set on the client side with the token.
Next, I have a controller that is decorated with the Authorize attribute. When I try to access any method, I get an unauthorized 401 response, although a cookie is sent with the request. OWIN does not seem to respect the authentication cookie.
Did I miss something here, maybe some type of configuration? All this works fine if I set the authorization header with a bearer token, but why doesn't it work with cookies alone?
c# asp.net-mvc asp.net-web-api owin
Obaid