I have two separate project - one ASP.NET MVC and one ASP.NET Web API. They are hosted on MS Azure under the same domain, so that my MVC app is www.myapp.azurewebsites.net/ and my Web API is www.myapp.azurewebsites.net/api.
The two projects share the same authnentication and in fact the Web API one is using cookie authentication. There is some configuration that needs to be set up in order for this thing to work including the fact that the line that follows should be commented out as pointed in this answer:
config.SuppressDefaultHostAuthentication();
In addition, the two projects have been configured to use SSL on Azure (I'm pointing this out because I think that it can be connected with my issue).
So, I've made a simple TestsController and a Get method inside it to see what's actually happening.
It looks like this:
[HttpGet]
[AllowAnonymous]
public IHttpActionResult Get()
{
var identity = Thread.CurrentPrincipal.Identity;
var cookie = Request.Headers
.GetCookies(".AspNet.ApplicationCookie")
.FirstOrDefault()[".AspNet.ApplicationCookie"]
.Value;
var returnObj = new
{
Name = identity.Name,
IsAuthenticated = identity.IsAuthenticated,
AuthenticationType = identity.AuthenticationType,
UserName = identity.GetUserName(),
UserId = identity.GetUserId(),
Cookie = cookie
};
return Ok(returnObj);
}
Sending an HTTP request to the method above (GET - api/tests) results in this:
localhost:
{
"name": "name@email.com",
"isAuthenticated": true,
"authenticationType": "ApplicationCookie",
"userName": "name@email.com",
"userId": "User Id",
"cookie": "Cookie Value For Localhost"
}
Azure:
{
"name": "",
"isAuthenticated": false,
"authenticationType": "",
"userName": "",
"userId": null,
"cookie": "Cookie Value For Azure"
}
So why I'm not getting authenticated on Azure, while everything works correctly on my local machine?
