0

I've encountered a problem with Owin Authentication in dotVVM framework. I get 401 error after authorization on page that requires to be authenticated.

This is my current startup.cs

var applicationPhysicalPath = HostingEnvironment.ApplicationPhysicalPath;

// use DotVVM
DotvvmConfiguration dotvvmConfiguration = app.UseDotVVM(applicationPhysicalPath);
dotvvmConfiguration.RouteTable.Add("Login", "", "Views/login.dothtml", null);
dotvvmConfiguration.RouteTable.Add("Home", "Home", "Views/home.dothtml", null);
dotvvmConfiguration.RouteTable.Add("Register", "Register", "Views/register.dothtml", null);

// use static files
app.UseStaticFiles(new StaticFileOptions()
{
    FileSystem = new PhysicalFileSystem(applicationPhysicalPath)
});

app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie
});

HomeViewModel.cs

[Authorize]
public class HomeViewModel : DotvvmViewModelBase { }

I've created Auth Cookie this way

public void Login()
{
    var identity = LoginHelper.GetIdentity(Email, DataAccess.DbAccess.CreateHash(Password));
    if (identity == null)
        return;

    Context.OwinContext.Authentication.SignIn(new ClaimsIdentity(identity));
    Context.Redirect("Home");
}
mason
  • 31,774
  • 10
  • 77
  • 121
Andrej Dobeš
  • 233
  • 1
  • 4
  • 12
  • DotVVM does not do any special magic, the problem will probably be in using Asp.Net Identity. Try to check if `context.OwinContext.Request.User != null && context.OwinContext.Request.User.Identity.IsAuthenticated` is true. DotVVM doesn't do anything more - https://github.com/riganti/dotvvm/blob/master/src/DotVVM.Framework/Runtime/Filters/AuthorizeAttribute.cs#L54 – exyi Oct 15 '15 at 15:23

1 Answers1

3

The order of the registrations in OWIN is important. The app.UseCookieAuthentication should be the first registered middleware.

Tomáš Herceg
  • 1,595
  • 1
  • 13
  • 18