How am I getting a windows identity in this code?

Question

Related to this problem: Owin Stage Markers

I'm using owin and identity framework to init an IIS hosted web app with authentication ...

    public static void Configure(IAppBuilder app, IKernel kernel)
    {
        // ensure that owin creates the required UserManager & sign in manager per owin instance
        app.CreatePerOwinContext<ApplicationUserManager>((options, owinContext) => ApplicationUserManager.Create(options, owinContext, kernel));
        app.CreatePerOwinContext<ApplicationSignInManager>((options, owinContext) => ApplicationSignInManager.Create(options, owinContext, kernel));

        GlobalFilters.Filters.Add(new AuthorizeAttribute());
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

        app.Use((context, next) =>
        {
            // figure out if the user is in fact authenticated if not use "Guest" as the username here
            var userName = context.Request?.User?.Identity?.Name ?? "Guest";

            //THE QUESTION:
            // Why at this point is context.Request.User a windows user with a username of ""

            return next.Invoke();
        }).UseStageMarker(PipelineStage.PostAuthenticate);
    }

I'm not using windows auth anywhere, only bearer auth, and on the server windows auth is disabled within IIS, so how am I getting this "empty" identity and how can I fix this to get my token based identity from the authorization info in the current request?

Answer 1

Hmm,

It seems that Identityframework falls back to this state when it's authenticated but couldn't find a match.

I had a basic auth string in the header where it was looking for a bearer token which it couldn't validate.

I'm pretty sure this is odd behaviour though, some sort of auth failure / security exception might be a better solution here.