Last post Jul 23, 2015 10:35 AM by Richard Scannell
Jul 21, 2015 12:03 PM|Richard Scannell|LINK
I am building a web APi 2 intranet app, using Windows Authentication : Web Config is set as below :
<authentication mode="Windows" />
<deny users="?" />
In Session_Start of Global Asax, the credentials are present under User.Identity.Name
& var RoleList = Roles.GetRolesForUser(); returns a perfect list of roles defined through azman, including Role = "APIUser".
When this redirects to the Home/Index, these values are still present :
But, When I launch http://localhost:1234/API/MyFunc, the credentials in HttpContext.Current.User.Identity are null...So the function prompts for a login, when I try to apply an Authorization filter :
public IQueryable<Employee> MyFunc(int id)
How do I fix this, & ensure the id still exists
Jul 21, 2015 11:57 PM|mostafasydney|LINK
Are you using OWIN middleware? Please refer to the post below:
Hope this will help.
Jul 22, 2015 04:20 AM|Richard Scannell|LINK
I'd not explicitly added OWIN.. it was a new web api ( intranet ) project. Thank you for the link - it certainly looks like the same symptoms
Jul 23, 2015 10:35 AM|Richard Scannell|LINK
I tried adding OWIN to the project, but it didn't fix things. I looked into the code a bit more & found the following the WebApiConfig :
These look like they overrode the values in Web.Config & attempted to implement an OAuth Authentication instead. The fact that they were in the WEBAPI Config , points to why the MVC app worked ok, & the API didnt. Possibly I selected the wrong Authentication
protocol. I built a new WEBApi from scratch & found that Api/Values now held on to my credentials, & the associated roles... . So I used that to create some new controllers & that my Authorize filter now works too.
Thanks for your help