
I recently moved an older ASP.NET MVC 5 application to Azure AppService.

The application consists of two services:

  • Service A acts as OAuthAuthorizationServer and is configured to also issue OAuthBearerTokens
  • The bearer token is then used for authentication with service B.

This has worked fine for several years and also works when I run everything locally.

However, when I run it in Azure, I do receive a token from service A, but service B does not accept it, as I get redirected to the login page of that service.

What did I do so far:

  • Played around in different configurations
  • Updated the libraries Microsoft.Owin.Security.OAuth and others to the latest version
  • Configured App Service Authentication by using OpenID (after that nothing worked anymore)
  • Checked settings in Azure but found nothing
  • Checked for server logs in Azure and via FTP but could not find any

I'd like to either find a way to debug the issue by getting some logs up and running to see why the token is rejected or if someone has an idea what could cause the issue.

Please help, I'm pretty lost at the moment ...

Edit: The implementation basically follows http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/

The two services are two separate App Services.

marc_s
Vanice

1 Answer


Finally I got it working and I'd like to share it with you.

The issue was that I use two separate App Services and the way OWIN produces the tokens is bound to the machine key (and it worked before since both applications were previously hosted on the same server).

The solution is either to make sure that both instances use the same key or to implement a different token.

Machine key approach: Extracting the MachineKey from a deployed Azure App Service

Proper implementation: OWIN Authentication Server for multiple applications

Vanice
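
The machine key approach from the answer above, as an added configuration sketch that is not part of the original post: the same explicit `<machineKey>` element goes into the `web.config` of both App Services so that a token protected by service A can be unprotected by service B. The key values are placeholders (assumptions); generate your own and use identical values in both files.

```xml
<!-- Added example: place this identical element in the web.config of
     BOTH service A (token issuer) and service B (token consumer). -->
<configuration>
  <system.web>
    <!-- Without an explicit element, ASP.NET falls back to auto-generated
         keys. Those differ between separately hosted applications, so a
         token issued by one service fails validation on the other. -->
    <machineKey
        validationKey="REPLACE_WITH_SHARED_HEX_VALIDATION_KEY"
        decryptionKey="REPLACE_WITH_SHARED_HEX_DECRYPTION_KEY"
        validation="HMACSHA256"
        decryption="AES" />
  </system.web>
</configuration>
```

Treat both values as secrets: anyone who holds them can produce tokens that service B will accept, so keep them out of source control and rotate them on both services together.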