OWIN Cookie Authentication

Posted 2020-07-29 04:02

Question:

I can't seem to get OWIN to work with Cookie based authentication. I have configured my OWIN token endpoint in Startup as:

OAuthOptions = new OAuthAuthorizationServerOptions
{
   TokenEndpointPath = new PathString("/Token"),
   Provider = new ApplicationOAuthProvider(PublicClientId),
   AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
   AllowInsecureHttp = true
};
app.UseOAuthBearerTokens(OAuthOptions);

I have also configured Cookie Authentication:

app.UseCookieAuthentication(new CookieAuthenticationOptions());

Now when I hit the /token endpoint I get the bearer token in response and a cookie is also set on client side with the token.

Next up I have a controller that is decorated with the Authorize Attribute. When I try to access any method I get a 401 Unauthorized response, even though the cookie is sent with the request. It seems OWIN is not honoring the cookie for authentication.

Am I missing something here, probably some type of configuration? All of this works great if I set the Authorization header with bearer token but why does it not work with cookie only?

Answer 1:

In case anyone is facing the same issue, in the WebApi Config the following line was ignoring the cookie and looked at the Bearer Token.

config.SuppressDefaultHostAuthentication();

Commenting it out made the cookie based Authentication work.
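An alternative to commenting the line out, as an added example that is not code from the original question or answer: keep `SuppressDefaultHostAuthentication()` and list the authentication types Web API should accept with `HostAuthenticationFilter`. It assumes the cookie middleware uses its default authentication type (`CookieAuthenticationDefaults.AuthenticationType`), as `new CookieAuthenticationOptions()` in the question does; the `WebApiConfig` and `Startup` class layout and the `CookieHttpOnly`/`CookieSecure` settings are assumptions of this sketch.

```csharp
using System.Web.Http;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OAuth;
using Owin;

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Web API still discards any principal set by the host or by
        // active OWIN middleware before the request reaches a controller.
        config.SuppressDefaultHostAuthentication();

        // Only the authentication types named here are honored by [Authorize].
        // Bearer tokens sent in the Authorization header:
        config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
        // The cookie issued by the cookie middleware. Once a cookie alone
        // authenticates API calls, state-changing actions need anti-forgery
        // protection, because browsers attach the cookie automatically.
        config.Filters.Add(new HostAuthenticationFilter(CookieAuthenticationDefaults.AuthenticationType));

        config.MapHttpAttributeRoutes();
    }
}

public partial class Startup
{
    // Assumed helper: cookie middleware registered with an explicit type
    // that matches the filter above.
    public void ConfigureCookieAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            CookieHttpOnly = true,                  // not readable from page script
            CookieSecure = CookieSecureOption.Always // cookie sent over HTTPS only
        });
    }
}
```

With `CookieSecureOption.Always` the cookie is not sent over plain HTTP, so this setting only works when the site is served over HTTPS.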