Last post Jul 01, 2014 03:42 PM by BrockAllen
Jun 30, 2014 07:07 PM|antney
I am hosting a Web API using Katana security middleware on an IIS server using the embedded authorization server (SimpleAuthorizationServerProvider). All works fine: I can authenticate users, they get a bearer token, and they can access resources. If I recycle the application pool, all the bearer tokens get rejected with a 401. Any idea why this would happen?
Jun 30, 2014 09:11 PM|BrockAllen
Have you set the <machineKey> element in web.config? This is the key that's used to issue/validate the bearer tokens.
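An added example, not part of the thread and not written by either poster: a PowerShell script that generates random values for an explicit `<machineKey>` element (which goes under `<system.web>` in web.config), so the key that issues and validates the bearer tokens stays the same across application pool recycles. The function names and the choice of AES with a 32-byte key and HMACSHA256 with a 64-byte key are assumptions of this example.

```powershell
# Added example: build a <machineKey> element with explicit, randomly generated keys.
# Assumed algorithms and sizes: AES decryption key (32 bytes), HMACSHA256 validation key (64 bytes).

function New-HexKey {
    param([Parameter(Mandatory = $true)][int]$ByteCount)

    $bytes = New-Object byte[] $ByteCount
    # Use the OS cryptographic RNG, not Get-Random, for key material.
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $rng.GetBytes($bytes)
    }
    finally {
        $rng.Dispose()
    }

    # machineKey attributes take the key as a hexadecimal string.
    return -join ($bytes | ForEach-Object { $_.ToString('X2') })
}

function New-MachineKeyElement {
    $decryptionKey = New-HexKey -ByteCount 32
    $validationKey = New-HexKey -ByteCount 64

    return '<machineKey decryption="AES" decryptionKey="{0}" validation="HMACSHA256" validationKey="{1}" />' -f `
        $decryptionKey, $validationKey
}

# Emit the element; paste it inside <system.web> in web.config.
# Every server that must accept the same bearer tokens needs the same element.
New-MachineKeyElement
```

Changing these values later invalidates every token issued under the old keys, which is the same 401 behaviour described in the question.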
Jul 01, 2014 03:36 PM|antney
Thanks Brock, you were right, I needed the machine key in web.config.
From a security best practice perspective, is it OK to leave those keys in web.config in clear text? Or should I encrypt that section (if that's even possible)?
Jul 01, 2014 03:42 PM|BrockAllen