Authenticated user is lost in web api owin middleware

305 Views Asked by Abolfazl At 30 June 2021 at 07:08

I'm using owin middleware and Jwt Bearer Aurhentication alongside Autofac that help my Webapi to handle requests.

JwtBearerAuthentication middleware works fine and set HttpContext.Current.User.Identity.IsAuthenticated to true and it persist until pipeline reaches to webapi middleware , in my webapi authenticated user is lost

order of middlewares are as follows:

public void Configuration(IAppBuilder app)
{

    var config = new HttpConfiguration();
    WebApiConfig.Register(config);
    #region Autofac config

    var container = AutofacWebapiConfig.Initialize(GlobalConfiguration.Configuration);
    config.DependencyResolver = new AutofacWebApiDependencyResolver(container);

    #endregion
    #region RoutConfig

    RouteConfig.RegisterRoutes(RouteTable.Routes);

    #endregion

    //Register middlewares
    app.UseAutofacMiddleware(container);
    app.UseAutofacWebApi(config);
    app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
    app.UseJwtBearerAuthentication(new MyJwtAuthenticationOptions());
    app.Use<RedirectUnAuthenticateRequestsMiddleware>();
    app.Use<ReadBodyMiddleware>();
    app.UseWebApi(config); //in this middleware authenticated user is lost

}

Here is my WebApiConfig class:

    public static void Register(HttpConfiguration config)
    {
        // Owin auth
        config.SuppressDefaultHostAuthentication();
        config.Filters.Add(new HostAuthenticationFilter("Signature"));
        GlobalConfiguration.Configuration.IncludeErrorDetailPolicy =
IncludeErrorDetailPolicy.Always;
        // Web API routes
        config.EnableCors(new EnableCorsAttribute("*", "*", "*"));
        config.MapHttpAttributeRoutes();
        config.Services.Insert(typeof(ModelBinderProvider), 0,
         new SimpleModelBinderProvider(typeof(DocumentModel), new FromFormDataBinding()));
        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "{controller}/{action}/{id}",
            defaults: new { id = RouteParameter.Optional }
        );
    }
}

Have you any idea?

Update:

Inside my owin middleware after authentication middleware, IsAuthenticated is set to true

  public override async Task Invoke(IOwinContext context)
{
      var isAuth=context.Request.User.Identity.IsAuthenticated;//It is true as expected.
                await Next.Invoke(context);
                return;
}

but when it reaches to my controller

HttpContext.Current.User.Identity.IsAuthenticated;//It is false.

Original Q&A

There are 1 best solutions below

Abolfazl On 01 July 2021 at 07:07 BEST ANSWER

Problem was from this line in WebApiConfig class;

config.SuppressDefaultHostAuthentication();

When i commented,issue disappeared and authenticated user persisted in webapi.

Authenticated user is lost in web api owin middleware

There are 1 best solutions below

Related Questions in C#

Related Questions in ASP.NET-WEB-API

Related Questions in JWT

Related Questions in AUTOFAC

Related Questions in OWIN-MIDDLEWARE

Trending Questions

Popular # Hahtags

Popular Questions