I've a ASP.NET MVC website which uses an ASP.NET WebAPI to authenticate. I've using ThinkTecture IdentityModel for basic authentication and session token, which works fine locally and in Azure Websites. However, I had to migrate to Azure Cloud services and now I can't authenticate with the token, always receiving the 401 error, but with just username and password works fine.
The only difference I can guess is that I've to deal with IIS now. Is there any modification required to allow authentication with token?
UPDATED:
I'm not using any Web.Config configuration for authentication, just using the following code in WebAPIConfig.
public static void Register(HttpConfiguration config)
{
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
var authConfig = new AuthenticationConfiguration
{
RequireSsl = true,
EnableSessionToken = true,
SendWwwAuthenticateResponseHeaders = true,
SessionToken = new SessionTokenConfiguration()
{
DefaultTokenLifetime = System.TimeSpan.FromDays(1.0)
}
};
// setup authentication against membership
authConfig.AddBasicAuthentication(
(userName, password) => WebSecurity.Login(userName, password, true)
);
config.MessageHandlers.Add(new AuthenticationHandler(authConfig));
}
I'd set a fixed signing key on the SessionTokenConfiguration. You definitely need that.