Web API 2 OWIN Bearer Token purpose of cookie?
In the SPA template there are actually two separate authentication mechanisms enabled- cookie authentication and token authentication. This enables authentication of both MVC and Web API controller actions, but requires some additional setup. If you look in the WebApiConfig.Register method you’ll see this line of code: config.SuppressDefaultHostAuthentication(); That tells Web API to ignore cookie authentication, … Read more