Reputation: 2633
Owin OAuth localhost/Token returns 404
Firstly, everything works when I run it from Visual Studio using iis express.
I have an Asp.Net Web Api running Owin OAuth. This is the configuration part of my Startup class:
private static void ConfigureAuth(IAppBuilder app)
{
var oAuthOptions = new OAuthAuthorizationServerOptions
{
#if DEBUG
AllowInsecureHttp = true,
#endif
TokenEndpointPath = new PathString("/Token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(30),
Provider = new ApplicationOAuthProvider()
};
app.UseOAuthAuthorizationServer(oAuthOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
This is the Register part of my WebApiConfig.cs
public static void Register(HttpConfiguration config)
{
// Web API configuration and services
config.SuppressDefaultHostAuthentication();
config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
var cors = new EnableCorsAttribute("*", "*", "*");
config.EnableCors(cors);
// Web API routes
config.MapHttpAttributeRoutes();
// OData
var builder = new ODataConventionModelBuilder();
builder.EntitySet<Employee>("Employee");
config.MapODataServiceRoute(
routeName: "ODataRoute",
routePrefix: "odata/",
model: builder.GetEdmModel()
);
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
}
I have deployed this application on IIS version 8.5.* and everything works except the localhost/Token endpoint. It is a combined MVC + Web Api project.
I am using .NET v4.5 application pool (.NET CLR Version: 4.0) with integrated pipeline mode and Microsoft.Owin.Host.SystemWeb.dll is present in the bin folder.
Why do I get 404 when I make a request to the Token endpoint?
Upvotes: 6
Views: 6532
Answers (2)
Reputation: 51
install Nuget package Microsoft.Owin.Host.SystemWeb because your handler are not registering.
if still not work then add the following handler in web.config file
<add name="Owin" verb="" path="*" type="Microsoft.Owin.Host.SystemWeb.OwinHttpHandler, Microsoft.Owin.Host.SystemWeb"/>
</handlers>
Upvotes: 0
Reputation: 2391
I had the same issue. Here is your problem:
#if DEBUG
AllowInsecureHttp = true,
#endif
Locally (IISExpress), you're running a DEBUG build and your compiler directive sets the AllowInsecureHttp to true. This means you can ask a new OAuth token over both http and https.
Deploying to IIS means that you first do a RELEASE build. So the compiler directive omits the AllowInsecureHttp line. The property defaults to false, which means you can only get an OAuth token over https. If you try ask a token over http, the server will answer with a 404.
Upvotes: 12
Related Questions
- Web API with OWIN Auth is returning "Authorization has been denied for this request." on every action with [Authorize]
- Web API - OWIN TokenEndPointPath not found 404 on IIS
- ASP.NET Web API - OWIN - TokenEndPointPath not working in IIS
- Call to httpclient throws a 404 response when using OWIN SelfHost
- OAuth Bearer Token Not Working for WebApi
- get access token via asp.net Microsoft.Owin.Security.OAuth
- OAuth bearer token not working
- Owin Bearer Token Not Working for WebApi
- Always getting the "Authorization has been denied for this request." message
- OWIN Bearer Token Authentication