ASP.NET Identity External Providers Web API without cookies

Question

I have seen several ways to set up external provider support for authentication in ASP.NET Web API using Identity, however all of them rely on a cookie, that is set after the user is successfully authorized by the external provider (callled "AspNet.External"), which has to be then forwarded to the token endpoint on the Web API itself.

Is there any way to circumvent this and use external authentication with ASP.NET Web API without the need to use cookies? The reason for this concern is that I would like to integrate this authentication in my mobile app, but the user can disable cookies any time, rendering my app unusable.

Answer 1

What about using OAuth2?

1. Build a oauth2 server with https://www.nuget.org/packages/Microsoft.Owin.Security.OAuth/ ,
2. Set your server web api app as resource server, and enable oauth bearer authentication, which use Authentication header , not cookie.
3. After get access_token from oauth2 server, set the Authentication header for your client request.

you can check out the code here:

https://github.com/beginor/owin-samples