I can't seem to get OWIN to work with cookie-based authentication. I have configured my OWIN token endpoint in Startup as:
    OAuthOptions = new OAuthAuthorizationServerOptions
    {
        TokenEndpointPath = new PathString("/Token"),
        Provider = new ApplicationOAuthProvider(PublicClientId),
        AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
        AllowInsecureHttp = true
    };
    app.UseOAuthBearerTokens(OAuthOptions);
I have also configured Cookie Authentication:
    app.UseCookieAuthentication(new CookieAuthenticationOptions());
Now when I hit the /token endpoint, I get the bearer token in the response, and a cookie is also set on the client side with the token.
Next up, I have a controller that is decorated with the Authorize attribute. When I try to access any method, I get a 401 Unauthorized response, even though the cookie is sent with the request. It seems OWIN is not honoring the cookie for authentication.
Am I missing something here, probably some type of configuration? All of this works great if I set the Authorization header with the bearer token, but why does it not work with the cookie only?