I can't seem to get OWIN to work with Cookie based authentication. I have configured my OWIN token endpoint in Startup as:

OAuthOptions = new OAuthAuthorizationServerOptions
{
   TokenEndpointPath = new PathString("/Token"),
   Provider = new ApplicationOAuthProvider(PublicClientId),
   AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
   AllowInsecureHttp = true
};
app.UseOAuthBearerTokens(OAuthOptions);

I have also configured Cookie Authentication:

app.UseCookieAuthentication(new CookieAuthenticationOptions());

Now when I hit the /token endpoint I get the bearer token in response and a cookie is also set on client side with the token.

Next up I have a controller that is decorated with the Authorize Attribute. When I try to access any method I get a 401 Unauthorized response, even though the cookie is sent with the request. It seems OWIN is not honoring the cookie for authentication.

Am I missing some thing here, probably some type of configuration? All of this works great if I set the Authorization header with bearer token but why does it not work with cookie only?

In case anyone is facing the same issue, in the WebApi Config the following line was ignoring the cookie and looked at the Bearer Token.

config.SuppressDefaultHostAuthentication();

Commenting it out made the cookie based Authentication work.