I get “Authorization has been denied for this request.” error message when using OWIN oAuth middleware (with separate Auth and Resource Server)

Question

I am attempting to decouple my auth and resource server. I am following the example provided in this tutorial:

http://bitoftech.net/2014/09/24/decouple-owin-authoriz

Answer 1

Running web applications in IIS with different pool you'll get different keys. So, you should run auth and resource applications with the same application pool. Check this https://gyorgybalassy.wordpress.com/2013/12/07/how-unique-is-your-machine-key/

Answer 2

In my post I was clear that you need to override the machineKey node for both APIs (Authorization Server and Resource Server) and share the same machineKey between both web.config files. How do you host those 2 different projects? they are on the same machine or different machines? Please go back to step 5 from the post and check how you can achieve this.