Authorization has been denied for this request

user3514371 · Feb 6, 2015

I have created a webapi with Basic OAuth and a mobile app using ajax to access the api. I set the AccessTokenExpireTimeSpan to be 1 day as coded below.

static Startup()
{
    PublicClientId = "self";
    UserManagerFactory = () =>
        new UserManager<IdentityUser>(new UserStore<IdentityUser>());
    OAuthOptions = new OAuthAuthorizationServerOptions
    {
        TokenEndpointPath = new PathString("/Token"),
        Provider = new ApplicationOAuthProvider(PublicClientId, UserManagerFactory),
        AuthorizeEndpointPath = new PathString("/api/UserAccount/ExternalLogin"),
        // Access tokens are issued with a one-day lifetime.
        AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
        // Allows token requests over plain HTTP; use HTTPS outside development.
        AllowInsecureHttp = true
    };
}

Everything worked fine on my local PC until I deployed it on the hosting site.

My app can log in and receive the new token, and with this token the app (every 2 seconds) is able to access the webapi for a whole day until the token expires. But if I stop the app (without stopping the app) from accessing the webapi for 5 to 6 minutes, and then I start it again, I get a "401 - Authorization has been denied for this request." and need to request a new token.

Now, since it works on my PC, is there anything that I missed that could cause this denial, e.g. session, cookies, settings in the host system, etc.?

FYI, my PC is using IIS7.5 and the host system is powered by PleskWin and using IIS8.5.
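
A client-side way to tell the two kinds of 401 apart, as an added example that is not part of the original post: it records whether a rejected token was still inside the lifetime the /Token response advertised, which points at the host rather than at AccessTokenExpireTimeSpan. TokenSession, callApi, the injected `http` function and the password grant are assumptions.

```javascript
// Added example. Hypothetical names: TokenSession, callApi, the injected `http`.
class TokenSession {
  constructor(http, now = () => Date.now()) {
    this.http = http;     // async (request) => { status, body }; stands in for ajax
    this.now = now;       // injectable clock, so the logic runs offline
    this.token = null;
    this.issuedAt = 0;
    this.expiresAt = 0;
    this.events = [];     // one entry per 401, for later diagnosis
  }

  // Assumption: password grant against the page's /Token endpoint.
  async login(username, password) {
    const res = await this.http({ method: "POST", path: "/Token",
      form: { grant_type: "password", username, password } });
    if (res.status !== 200) throw new Error("token request failed: " + res.status);
    this.token = res.body.access_token;
    this.issuedAt = this.now();
    // expires_in is a lifetime in seconds (RFC 6749, section 5.1).
    this.expiresAt = this.issuedAt + res.body.expires_in * 1000;
  }

  // Record whether a 401 arrived after the advertised lifetime or before it.
  classify401() {
    const event = {
      kind: this.now() >= this.expiresAt ? "expired" : "rejected-before-expiry",
      ageSec: Math.round((this.now() - this.issuedAt) / 1000),
    };
    this.events.push(event);
    return event;
  }

  // Call the API; on 401, log the classification, re-authenticate, retry once.
  async callApi(path, reauth) {
    const send = () => this.http({ method: "GET", path,
      headers: { Authorization: "Bearer " + this.token } });
    let res = await send();
    if (res.status === 401) {
      this.classify401();
      await reauth();     // e.g. prompt the user, then call login()
      res = await send();
    }
    return res;
  }
}
```

An event of kind `rejected-before-expiry` with `ageSec` of a few hundred seconds matches the symptom described in the question.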

Answer

user3514371 · Feb 10, 2015

I managed to play around with Plesk and found a setting under ASP.Net Configuration for Website > Session setting > Authentication mode. I changed it from the original "None" to "Windows" and it works. After 5 to 6 minutes, it does not give me the error I stated before. Just for info, under the same section there is also a Session timeout (minutes); it is set to 20 and I have not changed it from the start of deployment.

I am still not sure what this setting does or what relationship it has with IIS. Can anybody enlighten me on this?