OWIN Cookie身份验证 [英] OWIN Cookie Authentication

问题描述

我似乎无法得到OWIN基于Cookie的身份验证。我已经配置我OWIN令牌端点启动为：

I can't seem to get OWIN to work with Cookie based authentication. I have configured my OWIN token endpoint in Startup as:

OAuthOptions = new OAuthAuthorizationServerOptions
{
   TokenEndpointPath = new PathString("/Token"),
   Provider = new ApplicationOAuthProvider(PublicClientId),
   AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
   AllowInsecureHttp = true
};
app.UseOAuthBearerTokens(OAuthOptions);

我也配置Cookie身份验证：

I have also configured Cookie Authentication:

app.UseCookieAuthentication(new CookieAuthenticationOptions());

现在，当我打的 /令牌端点我得到的承载令牌响应和饼干也被设置在与令牌客户端。

Now when I hit the /token endpoint I get the bearer token in response and a cookie is also set on client side with the token.

接下来我有一个装饰着授权属性的控制器。当我尝试访问的任何方法，我收到了401未授权的响应，即使该cookie与请求一起发送。这似乎是OWIN没有履行进行身份验证cookie的。

Next up I have a controller that is decorated with the Authorize Attribute. When I try to access any method I get a 401 Unauthorized response, even though the cookie is sent with the request. It seems OWIN is not honoring the cookie for authentication.

我在这里缺少一些东西，可能是一些类型的配置？所有这一切的伟大工程，如果我设定承载令牌授权头，但为什么它不工作的cookie只？

Am I missing some thing here, probably some type of configuration? All of this works great if I set the Authorization header with bearer token but why does it not work with cookie only?

推荐答案

在任何情况下也面临同样的问题，在配置的WebAPI以下行被忽略饼干，看着承载令牌。

In case anyone is facing the same issue, in the WebApi Config the following line was ignoring the cookie and looked at the Bearer Token.

config.SuppressDefaultHostAuthentication();

在谈到它使得基于cookie认证的工作。

Commenting it out made the cookie based Authentication work.

这篇关于OWIN Cookie身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！