my web api hosted with mvc. mvc have cookie auth but i need to authenticate the web api with azure ad access token send by my another app so i use the owin jwt auth middleware but when try to access the action with [authorize] it returns authorization denied for the request and httpcontext.current.user is null. i decoded the access token in online decoder it contains user email id and other info but why it denied please help on this.
`public partial class Startup
{
public void Configuration(IAppBuilder app)
{
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
ConfigureApiOAuth(app);
ConfigureAuth(app);
}
public void ConfigureApiOAuth(IAppBuilder app)
{
var issuer = "https://sts.windows.net/tenantId/";
var audienceId = myappregisterationclientid;
var audienceSecret = ASCIIEncoding.UTF8.GetBytes(clientsceret);
app.UseJwtBearerAuthentication(
new JwtBearerAuthenticationOptions
{
AuthenticationMode = AuthenticationMode.Active,
AllowedAudiences = new[] { audienceId },
TokenValidationParameters = new TokenValidationParameters
{
ValidAudience = audienceId,
ValidIssuer = issuer,
ValidateLifetime = false
},
IssuerSecurityKeyProviders = new IIssuerSecurityKeyProvider[]
{
new SymmetricKeyIssuerSecurityKeyProvider(issuer, audienceSecret)
}
});
HttpConfiguration config = new HttpConfiguration();
WebApiConfig.Register(config);
app.UseWebApi(config);
}
}
}`
controller:
[Authorize]
public Dictionary