Search code examples
c#asp.net-web-apijwtautofacowin-middleware

Authenticated user is lost in web api owin middleware

I'm using owin middleware and Jwt Bearer Aurhentication alongside Autofac that help my Webapi to handle requests.

JwtBearerAuthentication middleware works fine and set HttpContext.Current.User.Identity.IsAuthenticated to true and it persist until pipeline reaches to webapi middleware , in my webapi authenticated user is lost

order of middlewares are as follows:

public void Configuration(IAppBuilder app)
{

    var config = new HttpConfiguration();
    WebApiConfig.Register(config);
    #region Autofac config

    var container = AutofacWebapiConfig.Initialize(GlobalConfiguration.Configuration);
    config.DependencyResolver = new AutofacWebApiDependencyResolver(container);

    #endregion
    #region RoutConfig

    RouteConfig.RegisterRoutes(RouteTable.Routes);

    #endregion

    //Register middlewares
    app.UseAutofacMiddleware(container);
    app.UseAutofacWebApi(config);
    app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
    app.UseJwtBearerAuthentication(new MyJwtAuthenticationOptions());
    app.Use<RedirectUnAuthenticateRequestsMiddleware>();
    app.Use<ReadBodyMiddleware>();
    app.UseWebApi(config); //in this middleware authenticated user is lost

}

Here is my WebApiConfig class:

    public static void Register(HttpConfiguration config)
    {
        // Owin auth
        config.SuppressDefaultHostAuthentication();
        config.Filters.Add(new HostAuthenticationFilter("Signature"));
        GlobalConfiguration.Configuration.IncludeErrorDetailPolicy =
IncludeErrorDetailPolicy.Always;
        // Web API routes
        config.EnableCors(new EnableCorsAttribute("*", "*", "*"));
        config.MapHttpAttributeRoutes();
        config.Services.Insert(typeof(ModelBinderProvider), 0,
         new SimpleModelBinderProvider(typeof(DocumentModel), new FromFormDataBinding()));
        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "{controller}/{action}/{id}",
            defaults: new { id = RouteParameter.Optional }
        );
    }
}

Have you any idea?

Update:

Inside my owin middleware after authentication middleware, IsAuthenticated is set to true

  public override async Task Invoke(IOwinContext context)
{
      var isAuth=context.Request.User.Identity.IsAuthenticated;//It is true as expected.
                await Next.Invoke(context);
                return;
}

but when it reaches to my controller

HttpContext.Current.User.Identity.IsAuthenticated;//It is false.
Solution

  • Problem was from this line in WebApiConfig class;

    config.SuppressDefaultHostAuthentication();

    When i commented,issue disappeared and authenticated user persisted in webapi.