How am I getting a Windows identity in this code?

Posted 2019-07-12 02:12

Question:

Related to this problem: Owin Stage Markers

I'm using owin and identity framework to init an IIS hosted web app with authentication ...

    public static void Configure(IAppBuilder app, IKernel kernel)
    {
        // ensure that owin creates the required UserManager & sign in manager per owin instance
        app.CreatePerOwinContext<ApplicationUserManager>((options, owinContext) => ApplicationUserManager.Create(options, owinContext, kernel));
        app.CreatePerOwinContext<ApplicationSignInManager>((options, owinContext) => ApplicationSignInManager.Create(options, owinContext, kernel));

        GlobalFilters.Filters.Add(new AuthorizeAttribute());
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

        app.Use((context, next) =>
        {
            // figure out if the user is in fact authenticated if not use "Guest" as the username here
            var userName = context.Request?.User?.Identity?.Name ?? "Guest";

            //THE QUESTION:
            // Why at this point is context.Request.User a windows user with a username of ""

            return next.Invoke();
        }).UseStageMarker(PipelineStage.PostAuthenticate);
    }

I'm not using Windows auth anywhere, only bearer auth, and on the server Windows auth is disabled within IIS, so how am I getting this "empty" identity and how can I fix this to get my token-based identity from the authorization info in the current request?

Answer 1:

Hmm,

It seems that Identity framework falls back to this state when it's authenticated but couldn't find a match.

I had a basic auth string in the header where it was looking for a bearer token which it couldn't validate.

I'm pretty sure this is odd behaviour though, some sort of auth failure / security exception might be a better solution here.
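
One way to get the auth failure this answer asks for, as an added example (not code from the original post): an OWIN middleware that tests `IsAuthenticated` instead of relying on `Name` being null, and returns 401 when an `Authorization` header was sent but no identity was established from it. `BearerGuard`, `UseBearerGuard` and the `app.UserName` key are hypothetical names; rejecting every unaccepted credential is a design choice assumed here.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Extensions;
using Owin;

public static class BearerGuard // hypothetical helper, not part of OWIN or Identity
{
    // Register this after app.UseOAuthBearerAuthentication(...) so the bearer
    // middleware has already had its chance to validate the token.
    public static IAppBuilder UseBearerGuard(this IAppBuilder app)
    {
        return app.Use(async (context, next) =>
        {
            var header = context.Request.Headers.Get("Authorization");
            var identity = context.Request.User?.Identity;
            bool authenticated = identity != null && identity.IsAuthenticated;

            // A credential was presented (for example "Basic ..." where a bearer
            // token was expected, or a token that failed validation) but nothing
            // accepted it: fail closed instead of continuing with the empty identity.
            if (!string.IsNullOrWhiteSpace(header) && !authenticated)
            {
                context.Response.StatusCode = 401;
                context.Response.Headers.Set("WWW-Authenticate", "Bearer");
                return; // do not call next: the pipeline stops here
            }

            // The empty identity reports Name == "" rather than null, so
            // `Name ?? "Guest"` never yields "Guest". Decide on IsAuthenticated.
            var userName = authenticated ? identity.Name : "Guest";
            context.Set("app.UserName", userName); // hypothetical environment key

            await next();
        }).UseStageMarker(PipelineStage.PostAuthenticate);
    }
}
```

Requests with no `Authorization` header still pass through as "Guest", so anonymous endpoints keep working while mismatched or invalid credentials are rejected explicitly.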