This project has moved. For the latest updates, please go here.

SuppressDefaultHostAuthentication

Jul 26, 2013 at 2:30 PM
Hi,

can anyone tell me, what the method
  SuppressDefaultHostAuthentication
within the Class
  System.Web.Http.OwinHttpConfigurationExtensions.
is for?

Does it deactivate active security-middleware, if there has been any registered?

Wishes,
Manfred
Coordinator
Jul 29, 2013 at 4:20 PM
See: https://aspnetwebstack.codeplex.com/SourceControl/latest#src/System.Web.Http.Owin/OwinHttpConfigurationExtensions.cs

/// When the host's default authentication is suppressed, the current principal is set to anonymous upon
/// entering the <see cref="HttpServer"/>'s first message handler. As a result, any default authentication
/// performed by the host is ignored. The remaining pipeline within the <see cref="HttpServer"/>, including
/// <see cref="IAuthenticationFilter"/>s, is then the exclusive authority for authentication.

From the doc comments, it sounds like it would ignore any auth performed in OWIN middleware, as well as that performed in the underlying server.
Feb 19, 2014 at 10:49 AM
I was running into a problem that when I used SuppressDefaultHostAuthentication in my WebApi setup, it also disabled the active cookie authentication across the other parts of the project. (Its a website project running on IIS that have been setup with app.UseWebApi())

Is it the intention that it should suppress authentication outside webapi environment?

As soon as I comment out SuppressDefaultHostAuthentication, then authentication works as normal in my application. (the website is a Composite C1 site).


If that is by design. Would it be possible to create a similar SuppressDefaultHostAuthentication that only do it for routes defined in the HttpConfiguration returned for UseWebApi ?
Coordinator
Feb 19, 2014 at 2:35 PM
@pksorensen, I suggest you take that question to the WebApi forums. They'll know better.
Feb 19, 2014 at 4:28 PM
Got help on Jabbr and resolved my problems by using app.Map before doing app.UseWebApi.