I have created a webapi with Basic OAuth and a mobile app using ajax to access the api. I set the AccessTokenExpireTimeSpan to be 1 day as coded below.
    static Startup()
    {
        PublicClientId = "self";
        UserManagerFactory = () =>
            new UserManager<IdentityUser>(new UserStore<IdentityUser>());
        OAuthOptions = new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/Token"),
            Provider = new ApplicationOAuthProvider(PublicClientId, UserManagerFactory),
            AuthorizeEndpointPath = new PathString("/api/UserAccount/ExternalLogin"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
            AllowInsecureHttp = true
        };
    }
Everything worked fine on my local PC until I deployed it to the hosting site.
My app can log in and receive the new token, and with this token the app is able to access the webapi (every 2 seconds) for a whole day until the token expires. But if I stop the app (without stopping the app) from accessing the webapi for 5 to 6 minutes, and then I start it again, I get a "401 - Authorization has been denied for this request." and need to request a new token.
Now, since it works on my PC, is there anything I missed that could cause this denial, e.g. session, cookies, settings in the host system, etc.?
FYI: my PC is using IIS7.5 and the host system is powered by PleskWin and uses IIS8.5.
I managed to play around with Plesk and found a setting under ASP.Net Configuration for Website > Session setting > Authentication mode. I changed it from the original "None" to "Windows" and it works. After 5 to 6 minutes, it does not give me the error I described before. Just for info, under the same section there is also a Session timeout (minutes); it is set to 20 and I have not changed it since the start of deployment.
I am still not sure what this setting does or what relationship it has with IIS. Can anybody enlighten me on this?
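To tell a genuine expiry (after the 1-day `AccessTokenExpireTimeSpan`) apart from the early 401 described in the question, the client can log every call made with one token and classify the rejections by token age and preceding idle gap. This is an added example, not part of the original post; the record format and function names are assumptions, and the sample calls are constructed.

```javascript
// Added diagnostic example; names and record format are hypothetical.
// Each record is one API call sent with the same bearer token:
//   { t: epoch milliseconds when the call was sent, status: HTTP status }

// Constructed sample: token issued at t=0 with a 1-day lifetime, polling
// every 2 s, one 3-minute pause (accepted), one 6-minute pause (401).
function buildSampleCalls() {
  const calls = [];
  for (let t = 2000; t <= 60000; t += 2000) calls.push({ t, status: 200 });
  calls.push({ t: 240000, status: 200 }); // after a 3-minute pause
  calls.push({ t: 242000, status: 200 });
  calls.push({ t: 602000, status: 401 }); // after a 6-minute pause
  return calls;
}

// issuedAtMs: when the token response arrived; expiresInSec: its lifetime
// (the expires_in value of the token response, 86400 for TimeSpan.FromDays(1)).
function classifyRejections(issuedAtMs, expiresInSec, calls) {
  const expiresAtMs = issuedAtMs + expiresInSec * 1000;
  const sorted = [...calls].sort((a, b) => a.t - b.t);
  const rejections = [];
  let longestIdleAcceptedMs = 0;
  let prev = issuedAtMs;
  for (const c of sorted) {
    const idleMs = c.t - prev; // gap since the previous request
    if (c.status === 401) {
      rejections.push({
        t: c.t,
        idleMs,
        tokenAgeSec: (c.t - issuedAtMs) / 1000,
        kind: c.t >= expiresAtMs ? "expired" : "rejected-before-expiry",
      });
    } else if (c.status >= 200 && c.status < 300) {
      longestIdleAcceptedMs = Math.max(longestIdleAcceptedMs, idleMs);
    }
    prev = c.t;
  }
  const early = rejections.filter((r) => r.kind === "rejected-before-expiry");
  const shortestIdleRejectedMs =
    early.length > 0 ? Math.min(...early.map((r) => r.idleMs)) : null;
  return { rejections, longestIdleAcceptedMs, shortestIdleRejectedMs };
}

console.log(classifyRejections(0, 86400, buildSampleCalls()));
```

A `rejected-before-expiry` entry whose `idleMs` is larger than `longestIdleAcceptedMs` shows that the 401 follows inactivity rather than the configured token lifetime.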