In an ASP.NET MVC application that uses ASP.NET Identity & WSFederation OWIN middleware for authentication, I've added WebAPI NuGet packages. I've also added a simple ApiController. If I don't put the Authorize attribute on the ApiController, I can call it and it returns data.

If I add the Authorize attribute, things explode since ASP.NET wants to trigger the normal Login procedure and I want to use bearer tokens for the api.

In the WebAPI config I've added the following lines to prevent this:

        config.SuppressDefaultHostAuthentication();
        config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));

Unfortunately, this introduces a new error when calling the api:

        <Error>
          <Message>An error has occurred.</Message>
          <ExceptionMessage>
            No OWIN authentication manager is associated with the request.
          </ExceptionMessage>
          <ExceptionType>System.InvalidOperationException</ExceptionType>
          <StackTrace>
            at System.Web.Http.Owin.PassiveAuthenticationMessageHandler.SuppressDefaultAuthenticationChallenges(HttpRequestMessage request)
            at System.Web.Http.Owin.PassiveAuthenticationMessageHandler.<SendAsync>d__0.MoveNext()
            --- End of stack trace from previous location where exception was thrown ---
            at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
            at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
            at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
            at System.Web.Http.HttpServer.<SendAsync>d__0.MoveNext()
          </StackTrace>
        </Error>
