Authorize doesn't work for API calls

Question

I am building a .NET FW WebApp that have both a WebSite and WebApi.

I setup OAuth 2.0 using the Visual studio 2015 Template projects, with a bit of change.

Register/Sign-in and Out and [AuthorizeAttribute] on the Controllers work just fine!

Also, I have several class Foo:ApiController{} to handle Ajax requests,
which works well given a Bearer Token.

I Encountered a problem when i needed to submit Multipart-Formdata to the API.
and Saw that User.Identity did not exist, and [Authorize] fails to pass. (Even though Requests to the Controllers (Not the ApiControllers) run smooth.

I am pretty new to Web Development, so i am probably missing something fundamental.

• Checked cookies passed with the Form.submit() are the same as any other Page request.

• Even simple GET request from an ApiController fails to authorize.

  1. What information should i post in order to help you help me?
  2. What is the difference between my Controller and ApiController classes in terms of Authentication & Authorization?

Answer 1

I knew it's something Basic.

For whom, who is as unfamiliar with the Visual Studio 2013 Web-API Project Template.

The Auth & Auth for your Site is defined by Startup.Auth.cs
while for the WebApi it is at WebApiConfig.cs

in WebApiConfig::Register(...) there is a line config.SuppressDefaultHostAuthentication(); which prevents the already configured CookieAuthentication to work on ApiController calls.

Hope this helps anyone