It turned out that the root cause was the Ajax call. The problematic flow was 1) OAuth cookie got expired after some time 2) Expiration normally causes redirection the page to login.microsoft.com to refresh the cookie. In this step OAuth framework adds new nonce cookie to the response (every time)! 3) But Ajax doesn’t handle … Read more
Your understanding is generally correct, but the role of OWIN seems misunderstood. A more complete timeline would be: OWIN Standard developed to describe generic .NET web interface, a la WSGI/Rake/Connect (first commit in 2010). ASP.NET WebAPI is developed host-independent, but released with https://www.nuget.org/packages/Microsoft.AspNet.WebApi.WebHost/. Katana Project implements several OWIN hosts: https://www.nuget.org/packages/Microsoft.Owin.SelfHost/ https://www.nuget.org/packages/Microsoft.Owin.Host.HttpListener/ https://www.nuget.org/packages/Microsoft.Owin.Host.IIS/ https://www.nuget.org/packages/Microsoft.Owin.Host.SystemWeb/ ASP.NET WebAPI … Read more
There are different ways to do this but one of the best way could be custom authorization attributes.You just need to inherit the AuthorizeAttribute and override HandleUnauthorizedRequest() method of it. public class CustomAuthorization : AuthorizeAttribute { protected override void HandleUnauthorizedRequest(HttpActionContext actionContext) { actionContext.Response = new HttpResponseMessage { StatusCode = HttpStatusCode.Forbidden, Content = new StringContent(“You are … Read more
I believe I have a working method for doing this now. Took a bit of googling and experimentation, but in the end I came up with the following process: Create a new ASP.NET 4.5 project in VS2015, selecting the Empty Template Add OWIN references through nuget (Install-Package Microsoft.Owin.Host.SystemWeb and Microsoft.Owin.StaticFiles) Add a startup file similar … Read more
ClaimTypes.Name (http:// schemas.xmlsoap.org/ws/2005/05/identity/claims/name) should be used for the username. ClaimTypes.NameIdentifier is typically used for the user’s id. In some cases it could be a username. ASP.NET Identity uses ClaimTypes.Name to store the username, and ClaimTypes.NameIdentifier to store the primary key GUID of the user.
I know your issue was solved inside comments, but I believe is important to understand what was causing it and how to resolve this entire class of problems. Looking at your code I can see you are setting the Access-Control-Allow-Origin header more than once for the Token endpoint: app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll); And inside GrantResourceOwnerCredentials method: context.OwinContext.Response.Headers.Add(“Access-Control-Allow-Origin”, new[] … Read more
Yes, deriving from OwinMiddleware is recommended. The reason some middleware classes don’t derive from OwinMiddleware is that either they haven’t switched over yet because the class was introduced recently. Or to avoid having the assembly take a dependency on the Microsoft.Owin assembly for some reason. The probable reason setting stuff on the response after calling … Read more
You should be able to use the AddCommandLine() extension. First install the Nuget package Microsoft.Extensions.Configuration.CommandLine and ensure you have the correct import: using Microsoft.Extensions.Configuration; Now update your Main method to include the new config: var config = new ConfigurationBuilder() .AddJsonFile(“hosting.json”, optional: true) //this is not needed, but could be useful .AddCommandLine(args) .Build(); var builder = … Read more