问题
I have a working app with MVC5 and Web API (both different IIS applications) using Forms Authentication and Bearer token. Yes, they must remain two separate IIS applications. I am using the auth token as the username in my Forms Authentication cookie and that's how I am able to pass the token back and forth from MVC and Web API.
I am also using Asp.net Identity 2.0.
I would like to take Forms Authentication out of the equation and just use Owin Authentication but the User.Identity.IsAuthenticate is always false in my MVC app when I do have a Bearer Token issued.
Can anyone point me to code showing how I can remember auth token between MVC and Web API w/o Forms Authentication?
回答1:
All your machineyKey on web..config should be the unified, do not generate machineKey using any online tool, please generate them using power-shell. You can find more about this by reading my blog post here.
回答2:
All machineKey of your webconfig files must be the same for domains that will share athentication.
Check this answer about how to set it.
来源:https://stackoverflow.com/questions/25901414/owin-authentication-between-mvc-5-and-web-api-separate-iis-applications