locked
OWIN Authentication + Batch requests RRS feed

  • Question

  • User-736251935 posted

    We have a WebApi application with batch routing and OWIN for authentication.
    The OWIN authentication pipeline works fine when accessing our API routes directly, but fails for batched requests.

    For batched requests, we receive the following error for each subrequest that requires authentication:

    --c549244e-a4b1-4a78-882a-04683b08d7e2
    Content-Type: application/http; msgtype=response
    
    HTTP/1.1 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    
    {
      "message": "Authorization has been denied for this request."
    }
    --c549244e-a4b1-4a78-882a-04683b08d7e2--

    Our WebApiConfig is as follows:

    // Configure Web API to use only bearer token authentication.
    config.SuppressDefaultHostAuthentication();
    config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
    
    // Lock down
    config.Filters.Add(new AuthorizeAttribute());
    
    // Attribute routing.
    config.MapHttpAttributeRoutes();
    
    // Batch request routing
    config.Routes.MapHttpBatchRoute(
        routeName: "WebApiBatch",
        routeTemplate: "v1/batch",
        batchHandler: new DefaultHttpBatchHandler(GlobalConfiguration.DefaultServer) { ExecutionOrder = BatchExecutionOrder.NonSequential }
    );
    

    In this thread by Dimitry M. the author accepted an answer where authentication headers of the parent HTTP request are copied to the subrequests using an ActionFilter. This is not satisfactory to me because I wish to authenticate each subrequest individually.

    Does anyone know how I need to configure OWIN or the Batch routing so each subrequest is authenticated by the OWIN pipeline?

    Tuesday, April 28, 2015 11:25 AM

All replies

  • User1487538269 posted

    Did you find a solution for this? I have exactly the same issue and am not finding any solution.

    Tuesday, October 17, 2017 12:28 PM